encoding/xml: require whitespace before processing instruction value

DemiMarie · DemiMarie · commit 9c648caab344 · 2024-09-01T11:03:31.000-04:00
The value of a processing instruction must either be empty or have whitespace before it. Fixes: #68386
diff --git a/src/encoding/xml/xml.go b/src/encoding/xml/xml.go
@@ -604,27 +604,45 @@ func (d *Decoder) rawToken() (Token, error) {
 	case '?':
 		// <?: Processing instruction.
 		var target string
+		var data []byte
 		if target, ok = d.name(); !ok {
 			if d.err == nil {
 				d.err = d.syntaxError("expected target name after <?")
 			}
 			return nil, d.err
 		}
-		d.space()
 		d.buf.Reset()
-		var b0 byte
-		for {
+		if b, ok = d.mustgetc(); !ok {
+			return nil, d.err
+		}
+		switch b {
+		case ' ', '\t', '\r', '\n':
+			d.space()
+			var b0 byte
+			for {
+				if b, ok = d.mustgetc(); !ok {
+					return nil, d.err
+				}
+				d.buf.WriteByte(b)
+				if b0 == '?' && b == '>' {
+					break
+				}
+				b0 = b
+			}
+			data = d.buf.Bytes()
+			data = data[0 : len(data)-2] // chop ?>
+		case '?':
 			if b, ok = d.mustgetc(); !ok {
 				return nil, d.err
 			}
-			d.buf.WriteByte(b)
-			if b0 == '?' && b == '>' {
-				break
+			if b != '>' {
+				d.err = d.syntaxError("expected ?> after empty processing instruction")
+				return nil, d.err
 			}
-			b0 = b
+		default:
+			d.err = d.syntaxError("unexpected byte after processing instruction name")
+			return nil, d.err
 		}
-		data := d.buf.Bytes()
-		data = data[0 : len(data)-2] // chop ?>
 
 		if target == "xml" {
 			content := string(data)
