
Some API should be unsafe

Open max-ym opened this issue 6 years ago • 2 comments

Function borrowed_name (in quick_xml::events::BytesStart), as is stated in the documentation, can be used to create a BytesStart from a given name. But if you pass (by mistake or intentionally) attribute data in the string along with the name, this function does not parse those attributes, nor does it verify that the passed data is actually a valid name. It will treat any kind of data as a name even if it is not valid! This can lead to hard-to-find bugs, as it is possible to confuse fn borrowed_name with fn borrowed, which seem to do similar things but lead to a different internal state of BytesStart.

As this function accepts invalid data, it should be marked unsafe. The documentation must be more specific about how to use this function and how not to. For example, it must be stated that this function does not verify the passed data and that if the user intends to pass attributes too, he/she should use fn borrowed.

max-ym, Apr 09 '19 18:04

borrowed_name() doesn't exist anymore (in the current unreleased master branch)

dralley, Jul 29 '22 22:07

I don't think that this is done. Yes, the borrowed_name identifier does not exist anymore, but we still have functions that should be unsafe in order to not break invariants, like https://github.com/tafia/quick-xml/blob/ad57bc29e8d9b10309748ce362fffc3580322cf5/src/events/mod.rs#L158-L171

Mingun, Jul 30 '22 10:07
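
The behaviour discussed in this thread, as an added example that is not part of any comment above and is not quick-xml's code: a stand-in type shows how a name-only constructor that performs no validation absorbs attribute data into the name, next to a checked constructor that rejects it. The type `StartTag`, its methods, `NameError` and the simplified ASCII-only name rule are all assumptions made for illustration.

```rust
// Stand-in for the type discussed in the thread (hypothetical, not quick-xml's code):
// a start tag stored as one buffer plus the length of the name prefix.
#[derive(Debug, PartialEq)]
pub struct StartTag<'a> {
    buf: &'a str,
    name_len: usize,
}

#[derive(Debug, PartialEq)]
pub enum NameError {
    Empty,
    InvalidChar(char),
}

impl<'a> StartTag<'a> {
    /// Behaviour described in the issue: the whole input is taken as the name.
    pub fn from_name_unchecked(name: &'a str) -> Self {
        StartTag { buf: name, name_len: name.len() }
    }

    /// Checked alternative: rejects input that cannot be an element name.
    /// Simplified rule (assumption): ASCII letters, digits, '_', '-', '.', ':',
    /// and the first character must be a letter, '_' or ':'.
    pub fn try_from_name(name: &'a str) -> Result<Self, NameError> {
        let first = name.chars().next().ok_or(NameError::Empty)?;
        if !(first.is_ascii_alphabetic() || first == '_' || first == ':') {
            return Err(NameError::InvalidChar(first));
        }
        if let Some(bad) = name.chars().find(|c| {
            !(c.is_ascii_alphanumeric() || matches!(*c, '_' | '-' | '.' | ':'))
        }) {
            return Err(NameError::InvalidChar(bad));
        }
        Ok(StartTag { buf: name, name_len: name.len() })
    }

    pub fn name(&self) -> &'a str { &self.buf[..self.name_len] }
    /// Everything after the name; this is where attributes would be parsed from.
    pub fn attribute_bytes(&self) -> &'a str { &self.buf[self.name_len..] }
}

fn main() {
    let input = "a href='x'"; // constructed sample: name plus attribute data
    let tag = StartTag::from_name_unchecked(input);
    println!("unchecked name = {:?}, attrs = {:?}", tag.name(), tag.attribute_bytes());
    println!("checked = {:?}", StartTag::try_from_name(input));
}
```

With the unchecked constructor the attribute region is empty and the "name" contains a space and quotes, so any writer that emits the name verbatim produces markup the caller did not intend.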