1

I'm trying to validate some input xml on the fly in a React app using fast-xml-parser. I'm just using the out-of-box default options, and when I try <test></test it comes back as valid.

Here I'm outputting the text I'm running through parser.validate() as well as its return value to the console:

enter image description here

I tried it in their online tool as well: In what world is this valid?

Not to be rude, but am I missing a "do the right and obvious thing" switch in the options or something? I'm asking because I want to post an issue, and asking Stackoverflow first is a requirement.

Cliff Hall
  • 723
  • 6
  • 13
  • For anyone coming across this before it's fixed (or a missing configuration is discovered), here's what I came up with: `const valid = !!xml && xml.trim().endsWith('>') && (parser.validate(xml) === true);` – Cliff Hall Sep 17 '19 at 20:09
  • you can use a regexp to test for a missing `>` on a closing tag: `/<(\w+)[\w\W]+<\/\1\b($|[^>])/g` . it seems your suggested code would only find the problem if it occurred on the document's closing tag. – dandavis Sep 17 '19 at 20:17
  • `if((xml+"").trim().slice(-1)!=">") alert("invalid");` – dandavis Sep 17 '19 at 20:24
  • Yes, I only observe the error on the closing tag at the end of the document. If there was a `` it would flag the issue that the `` tag wasn't closed. – Cliff Hall Sep 18 '19 at 19:48
  • The issue has been fixed in v3.17.1 – Amit Kumar Gupta May 19 '20 at 02:39

1 Answers1

2

It's obviously a bug...

Not to be rude, but am I missing a "do the right and obvious thing" switch in the options or something? I'm asking because I want to post an issue, and asking Stackoverflow first is a requirement.

  1. You're not being rude. Rude would be to expect SO to triage bug reports (and embarrassing would be to require that greater attention be drawn to bugs via such a policy).

  2. Note also the authors of fast-xml-parser are misusing the term valid.
    See Well-formed vs Valid XML.

...but it's worse than an isolated bug:

From fast-xml-parser's limitations section:

Limitations

Currently FXP fails to parse XML with attributes has ">" in the value. This problem is left open as change in regex for its fix is degrading the performance. And the parser become very slow in case of long attrbute [sic] names.

  1. Any XML "parser" based on regex is a toy and should not be used professionally.

Bottom line: This is more serious than an isolated bug. It's the tip of the iceberg of a serious design flaw in fast-xml-parser. Recommendation: Avoid.

kjhughes
  • 106,133
  • 27
  • 181
  • 240