eclipselink
eclipselink copied to clipboard
eclipse-ee4j
Moxy 2.7.x - Serialising Object containing DOM Element with xmlns="" to XMLStreamWriter can emit duplicate xmlns tag, resulting in corrupt XML
(I originally reported this on Bugzilla as 576541 last year, but it has since received an automated reply that sounds like Bugzilla is no longer in use?)
I believe there is a long-standing bug in MOXy whereby if the Object being serialised contains a dom Element, and that Element (or any of its children) have an empty default namespace tag defined, serialisation will emit a duplicate xmlns="" tag when outputting to an XMLStreamWriter, resulting in invalid XML which cannot be parsed.
I have built a test case that demonstrates the simplest manifestation of the bug (and also my workaround, which is an XMLStreamWriter that detects and suppresses duplicate xmlns="" events).
https://github.com/petergeneric/moxybug-2021-10
Just run mvn test to demo the bug. The MOXy version is a variable, moxy.version. I've tested this against a range of versions between 2.5.0 and 2.7.11, and on Java 8 and 17.
My workaround works where the application is in control of the XMLStreamWriter, however there are other cases where it is not (e.g. in a JAX-RS context with, say, resteasy's fastinfoset provider, where the client/server generates invalid Fast Infoset XML where it would generate valid application/xml)
When tracing the calls to XMLStreamWriter.setDefaultNamespace as part of my test case when using moxy 2.7.11, the first call is from:
at bugdemo.DuplicateNSFilteringXMLStreamWriter.writeDefaultNamespace(DuplicateNSFilteringXMLStreamWriter.java:148)
at org.eclipse.persistence.internal.oxm.record.DomToXMLStreamWriter.writeElement(DomToXMLStreamWriter.java:111)
at org.eclipse.persistence.internal.oxm.record.DomToXMLStreamWriter.writeToStream(DomToXMLStreamWriter.java:43)
at org.eclipse.persistence.oxm.record.XMLStreamWriterRecord.node(XMLStreamWriterRecord.java:215)
at org.eclipse.persistence.oxm.record.MarshalRecord.node(MarshalRecord.java:456)
at org.eclipse.persistence.internal.oxm.XMLAnyObjectMappingNodeValue.marshalSimpleValue(XMLAnyObjectMappingNodeValue.java:280)
at org.eclipse.persistence.internal.oxm.XMLAnyObjectMappingNodeValue.marshalSingleValue(XMLAnyObjectMappingNodeValue.java:104)
at org.eclipse.persistence.internal.oxm.XMLAnyObjectMappingNodeValue.marshal(XMLAnyObjectMappingNodeValue.java:67)
at org.eclipse.persistence.internal.oxm.NodeValue.marshal(NodeValue.java:104)
at org.eclipse.persistence.internal.oxm.record.ObjectMarshalContext.marshal(ObjectMarshalContext.java:61)
And the second call (which is what results in the XML being invalid) is:
at bugdemo.DuplicateNSFilteringXMLStreamWriter.writeDefaultNamespace(DuplicateNSFilteringXMLStreamWriter.java:148)
at org.eclipse.persistence.internal.oxm.record.DomToXMLStreamWriter.writeElement(DomToXMLStreamWriter.java:135)
at org.eclipse.persistence.internal.oxm.record.DomToXMLStreamWriter.writeToStream(DomToXMLStreamWriter.java:43)
at org.eclipse.persistence.oxm.record.XMLStreamWriterRecord.node(XMLStreamWriterRecord.java:215)
at org.eclipse.persistence.oxm.record.MarshalRecord.node(MarshalRecord.java:456)
at org.eclipse.persistence.internal.oxm.XMLAnyObjectMappingNodeValue.marshalSimpleValue(XMLAnyObjectMappingNodeValue.java:280)
at org.eclipse.persistence.internal.oxm.XMLAnyObjectMappingNodeValue.marshalSingleValue(XMLAnyObjectMappingNodeValue.java:104)
at org.eclipse.persistence.internal.oxm.XMLAnyObjectMappingNodeValue.marshal(XMLAnyObjectMappingNodeValue.java:67)
at org.eclipse.persistence.internal.oxm.NodeValue.marshal(NodeValue.java:104)
at org.eclipse.persistence.internal.oxm.record.ObjectMarshalContext.marshal(ObjectMarshalContext.java:61)
N.B. this issue no longer appears in 4.0.0-RC2, but we have projects that cannot be migrated from javax to jakarta so we can't avail of this new major version currently.