Another issue with invalid XML values

From: Florian Pflug
Subject: Another issue with invalid XML values
Msg-id: 4EB76FC6-98BE-4CA5-B43C-ADACF1229E65@phlo.org
Replies: Re: Another issue with invalid XML values  (Florian Pflug <fgp@phlo.org>)
List: pgsql-hackers
Hi

Unfortunately, I found another way to produce invalid XML values.

template1=# SELECT (XPATH('/*', XMLELEMENT(NAME "root", XMLATTRIBUTES('<' as xmlns))))[1];
       xpath
-------------------
 <root xmlns="<"/>

Since a literal "<" is not allowed in XML attributes, this XML value is not well-formed. And indeed

template1=# SELECT (XPATH('/*', XMLELEMENT(NAME "root", XMLATTRIBUTES('<' as xmlns))))[1]::TEXT::XML;
ERROR:  invalid XML content
DETAIL:  Entity: line 1: parser error : Unescaped '<' not allowed in attributes values

Note that this only affects namespace declarations (xmlns). The following case works correctly

template1=# SELECT (XPATH('/*', XMLELEMENT(NAME "root", XMLATTRIBUTES('<' as value))))[1];
        xpath
----------------------
 <root value="&lt;"/>

The root of this issue is that "<" isn't a valid namespace URI to begin with, since "<" isn't in the set of allowed
characters for URIs. Thus, when converting an XML node back to text, libxml doesn't escape xmlns attribute values.

I don't have a good solution for this issue yet. Special-casing attributes called "xmlns" (or "xmlns:<prefix>") in
XMLATTRIBUTES() solves only part of the problem - the TEXT to XML cast is similarly lenient and doesn't complain if you
do '<root xmlns="&lt;"/>'::XML.

Why this cast succeeds is somewhat beyond me though - piping the very same XML document into xmllint produces

$ echo '<root xmlns="&lt;"/>' | xmllint -
-:1: namespace error : xmlns: '<' is not a valid URI

My nagging suspicion is that libxml reports errors like these via some callback function, and only returns a non-zero
result if there are structural errors in the XML. But my experience with libxml is pretty limited, so maybe someone with
more experience in this area can shed some light on this...

best regards,
Florian Pflug
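
The gap described in the message above, between a structural (well-formedness) check and a namespace check, as an added example that is not part of the original post and is not PostgreSQL or libxml code. It uses Python's expat bindings as a stand-in parser; the function names and the RFC 3986 character set used as the "valid URI" test are assumptions of this sketch.

```python
import re
import xml.parsers.expat
from xml.sax.saxutils import quoteattr

# RFC 3986 unreserved + reserved characters plus '%'; '<' is not among them.
URI_CHARS = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]*")


def is_well_formed(xml_text):
    """True if expat accepts the text (structural check only)."""
    try:
        xml.parsers.expat.ParserCreate().Parse(xml_text, True)
        return True
    except xml.parsers.expat.ExpatError:
        return False


def bad_namespace_decls(xml_text):
    """List (element, attribute, value) for xmlns declarations with non-URI characters.

    Raises ExpatError when the text is not well-formed.
    """
    found = []

    def on_start(name, attrs):
        for attr, value in attrs.items():
            is_decl = attr == "xmlns" or attr.startswith("xmlns:")
            if is_decl and not URI_CHARS.fullmatch(value):
                found.append((name, attr, value))

    parser = xml.parsers.expat.ParserCreate()  # no namespace processing
    parser.StartElementHandler = on_start
    parser.Parse(xml_text, True)
    return found


def serialize(name, attr, value, escape=True):
    """Write an empty element; escape=False mimics the unescaped xmlns output."""
    quoted = quoteattr(value) if escape else '"%s"' % value
    return "<%s %s=%s/>" % (name, attr, quoted)


if __name__ == "__main__":
    escaped = serialize("root", "xmlns", "<")  # constructed input
    print(escaped, is_well_formed(escaped), bad_namespace_decls(escaped))
    raw = serialize("root", "xmlns", "<", escape=False)
    print(raw, is_well_formed(raw))
```

The escaped document passes the structural check yet is flagged by the namespace check, while the unescaped serialization of the same value fails the structural check outright.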
