Closed Bug 277683 Opened 21 years ago Closed 21 years ago

e4x: processing instruction with target name XML should not be allowed

Categories

(Core :: JavaScript Engine, defect, P2)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Windows XP
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.8beta1

People

(Reporter: martin.honnen, Assigned: brendan)

References

(
URL
)

Details

(Keywords: js1.5)

Attachments

(2 files)

proposed fix, includes a hunk from the patch for bug 277650
3.33 KB, patch
shaver
: review+
Details | Diff | Splinter Review
e4x/Regress/regress-277683.js
2.27 KB, text/plain
Details
The XML 1.0 specification at <http://www.w3.org/TR/2004/REC-xml-20040204/#sec-pi> says about the target names of processing instructions: "The target names "XML", "xml", and so on are reserved for standardization in this or future versions of this specification." and the grammar explictly excludes PITarget ::= Name - (('X' | 'x') ('M' | 'm') ('L' | 'l')) thus I think E4X in Spidermonkey in the test case <http://home.arcor.de/martin.honnen/mozillaBugs/e4x/processingInstructionXML.js> should throw an error when parsing the XML literal but it doesn't. Rhino throws an error.
Assignee: general → brendan
Keywords: js1.5
Priority: -- → P2
Target Milestone: --- → mozilla1.8beta
I hope CVS can avoid conflicts, whichever bug's patch is checked in or applied before the other is checked in. /be
Attachment #170862 - Flags: review?(shaver)
Status: NEW → ASSIGNED
Comment on attachment 170862 [details] [diff] [review] proposed fix, includes a hunk from the patch for bug 277650 r=shaver (some overlap with the xml:lang bug, I see)
Attachment #170862 - Flags: review?(shaver) → review+
Fixed. /be
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Verified fixed with Mozilla 1.8b (Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b) Gecko/20050122)
Status: RESOLVED → VERIFIED
Martin, with your permission this will be included in the javascript test library.
e4x/Regress/regress-277683.js checked in.
Flags: testcase+
This breaks foo = new XML('<?xml version="1.0"?>\n<foo/>'); which blocks me from reading regular on-the-web XML content. Should that be a different bug or should we reopen this one?
(In reply to comment #7) > This breaks > > foo = new XML('<?xml version="1.0"?>\n<foo/>'); > > which blocks me from reading regular on-the-web XML content. It is supposed to "break", the E4X specification says that new XML(string) is evaluated as ToXML(string) where ToXML is supposed to wrap the string into <parent xmlns="currentDefaultNamespace"></parent> and then parse that according to XML rules so with above argument the XML parser sees the markup <parent xmlns="currentDefaultNamespace"> <?xml version="1.0"?> <foo/> </parent> and that causes a parse error as it is not well-formed. So the E4X spec would need a change to allow passing in the complete markup of an XML document including the XML declaration as a string, the current behavior is according to the spec.
Perhaps the spec has a usability bug here, but this code-level bugzilla bug should stay closed. I'll raise the issue with ECMA TG1. /be
I halfway-successfully worked around this now, which was still way easier than to deal with the DOM ;-). All I need to do is to water-proof my regexp a bit more. I'll paste it here once it's done.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: