[XERCESC-2240] Junk characters (including null) allowed in XML declaration - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 3.2.3
Fix Version/s: None
Component/s: Non-Validating Parser
Labels:
None
Environment:
Linux

Language:
- C++

Description

In a library we've written using Xerces-C++ to validate XML files against a given XSD, we have discovered that the XercesDOMParser::parse() function does not record any errors if the XML declaration at the beginning of an XML document contains "junk" characters, including control characters (^K) or null bytes. The null control character specifically should be invalid in any XML document. I.e. the following XML file (attaching as basic_bad_bytes.xml) parses without error, but it should not:

<?xml version="1.0" encoding^@^@^@^@^@="UTF-8" ?>
<root_elem>
<child_elem some_attr="abc" />
<child_elem some_attr="def" />
</root_elem>

The following XML (attaching as basic_bad_bytes2.xml) correctly reports an error:

<?xml version="1.0" encoding="UTF-8" ?>
<root_elem^@^@^@^@^@>
<child_elem some_attr="abc" />
<child_elem some_attr="def" />
</root_elem>

This is similar to XERCESC-1701, where the end of the document after the root element was found to allow "junk" characters during parsing.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

basic_bad_bytes.xml
08/Sep/22 22:04
0.1 kB
Benjamin Fritz
basic_bad_bytes2.xml
08/Sep/22 22:04
0.1 kB
Benjamin Fritz

Activity

People

Assignee:: Unassigned

Reporter:: Benjamin Fritz

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Sep/22 22:03

Updated:: 05/Oct/22 16:01