logo

Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

crate: xml-rs

https://lib.rs/crates/xml-rs/

Rust links:

Rust-lang.org

lib.rs

crates.io

docs.rs

Add the last reviewed version to Cargo.toml / [dependencies]:

xml-rs = "0.8.16"

Please, use mobile in landscape.

Filter reviews clicking on the numbers in the summary.

Full column names in tooltip hints: rating Negative, rating Neutral, rating Positive, rating Strong, thoroughness, understanding, reviews count.

Neg
Neu
Pos
Str
tho
und
rev
crate
5
9
9
5
0.8.16
1
2
2
1
0.8.13
1
2
2
1
0.8.9
1
2
2
1
0.8.5
1
2
2
1
0.8.0
1
1
1
1
crate version
rating
date
reviewer
thoroughness, understanding
xml-rs 0.8.16
positive
2023-09-03
kornelski
high, high
alternative:
https://crates.io
xml_oxide
xml-rs 0.8.13
positive
2023-05-24
kornelski
high, high
alternative:
https://crates.io
xml
xml-rs 0.8.9
positive
2023-05-10
kornelski
high, high
alternative:
https://crates.io
xml_oxide
xml-rs 0.8.5
positive
2023-05-10
kornelski
high, high
xml-rs 0.8.0
positive
2019-09-03
MaulingMonkey
medium, medium

Fairly full review. Looks solid.

  • My eyes glazed over a bit when going through the decode state machine.
  • Some of the namespace stuff too.
  • Caught netvl/xml-rs#179 at least

Pros:

  • Safe code!

Cons:

  • Probably slower than quick-xml
  • Encoding XML not 100% bug free yet
  • No DTD support (yet?)
FileRatingNotes
src/reader/parser/inside_cdata.rs+1Going through tokenizer at all unnerves me slightly
src/reader/parser/inside_closing_tag_name.rs+1
src/reader/parser/inside_comment.rs+1
src/reader/parser/inside_declaration.rs+1
src/reader/parser/inside_doctype.rs+1
src/reader/parser/inside_opening_tag.rs+1
src/reader/parser/inside_processing_instruction.rs+1
src/reader/parser/inside_reference.rs+1
src/reader/parser/mod.rs+1
src/reader/parser/outside_tag.rs+1
src/reader/config.rs+1
src/reader/error.rs+1
src/reader/events.rs+1
src/reader/lexer.rs+1
src/reader/mod.rs+1
src/writer/config.rs+1Two space indents by default is heresy but whatever.
src/writer/emitter.rs0Encodings not escaped, namespace URIs not escaped. General attributes are escaped though. CDATA containing ]]> not fixed.
src/writer/events.rs+1
src/writer/mod.rs+1
src/analyze.rs+1Should really be moved to bins or examples or something.
src/attribute.rs+1
src/common.rs0Caught netvl/xml-rs#179
src/escape.rs+1
src/lib.rs+1
src/macros.rs+1
src/name.rs+1
src/namespace.rs+1
src/util.rs+1
tests/documents/sample_1_full.txt+1skimmed
tests/documents/sample_1_short.txt+1skimmed
tests/documents/sample_1.xml+1skimmed
tests/documents/sample_2_full.txt+1skimmed
tests/documents/sample_2_short.txt+1skimmed
tests/documents/sample_2.xml+1skimmed
tests/documents/sample_3_full.txt+1skimmed
tests/documents/sample_3_short.txt+1skimmed
tests/documents/sample_3.xml+1skimmed
tests/documents/sample_4_full.txt+1skimmed
tests/documents/sample_4_short.txt+1skimmed
tests/documents/sample_4.xml+1skimmed
tests/documents/sample_5_short.txt+1skimmed
tests/documents/sample_5.xml+1skimmed
tests/event_reader.rs+1
tests/event_writer.rs+1
tests/streaming.rs+1
.cargo-ok+1
.gitignore+1
.travis.yml+1Installs pip travis-cargo
Cargo.toml+1
Cargo.toml.orig+1
Changelog.md+1
design.md+1TODO list
LICENSE+1MIT, matching Cargo.toml
Readme.md+1MIT Licensed
OtherRatingNotes
unsafe+1One small use in test case, PR to remove upstream and apply deny(unsafe_code) lint.
fs+1Only in analyze (and maybe tests?), and sanely
io+1
docs+1
tests0Needs more fuzz tests

src/reader/parser/inside_reference.rs

LineWhatNotes
23predefined XML entitiesApparently these 5 are the only predefined entities in XML. Don't have to worry about the hundreds HTML supports.
52custom XML entitiesNot recursive, no XML bomb here unless DTD constructed a huge entry for extra_entities already.

TIL

  • &impl ?Sized+AsRef<str>

© bestia.dev 2023, MIT License, Version: 2023.608.1636

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/