XML Editor - Download a Free Trial >
See What's New >
Buy Now >

[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: contemporary XML parsing in JavaScript

  • From: Michael Kay <mike@saxonica.com>
  • To: "Liam R. E. Quin" <liam@fromoldbooks.org>
  • Date: Fri, 2 Dec 2022 08:46:28 +0000
Re: contemporary XML parsing in JavaScript
Play the video
The situation with XML parsing in Javascript is pretty dire. There are a lot of products that claim to be XML parsers but are poorly documented, only do the parts of XML that they fancy, and add in bits of HTML parsing where they feel like it. We have yet to find a parser that does DTD processing. The XXE security scare stories don't help, of course.

I don't think NPM downloads is a particularly good metric, because so many of them are from automated build scripts. It would be good to have a number for distinct IP addresses. For the record, SaxonJS is getting about 12K downloads per week, which is healthy, but a tiny fraction of these numbers.

The sax-js parser, which we use in Saxon, gets 28M downloads a week, far more than fast-xml-parser. And none of them are attributable to us, because we actually forked the code to fix some conformance bugs and ship a modified version. (We didn't contribute the changes back because some of them would cause compatibility problems by disabling non-conformant extensions.)

Michael Kay
Saxonica

> On 2 Dec 2022, at 05:56, Liam R. E. Quin <liam@fromoldbooks.org> wrote:
> 
> On Thu, 2022-12-01 at 16:25 -0500, Simon St.Laurent wrote:
>> 
>> "fast-XML-parser NPM package has more downloads/week (6 million) than
>> Vue (3.4 million) or Angular (3 million)."
> 
> Good fined!
> 
> 
> It might also suggest they do a lot of bug fixes, since node checks
> often for new revisions. Or that there was a mistake that caused the
> package to be downloaded every time node.js was started. Or that it's
> fairly widely used :)
> 
> Checking
> https://snyk.io/advisor/npm-package/fast-xml-parser
> i see that 658 other projects depend on it. Also, i do notice a spike
> of downloads after each release, but it's small compared to the total,
> so that's not a major factor.
> 
> React.js gets nearly 17 million downloads per week, though, accordingto
> that page, and xml-js gets over 14.
> 
> It's not a validating parser; the documentation says "DOCTYPE entities
> are supported" and also "unpaired tags (Eg <br> in HTML), stop nodes
> (Eg <script> in HTML) are supported"
> See https://github.com/NaturalIntelligence/fast-xml-parser
> 
> 
> The "validator" has an option, "allowBooleanAttributes" but doesn't
> seem to have any reference to a DTD or external document type
> definition: it's checking well-formedness:
> 
>   const xmlData = `<parent><extra></parent>`;
>   const result = XMLValidator.validate( xmlData, {
>     unpairedTags: ["extra"]
>   });
> 
> Being able to "validate" this as XML is a violation of the XML
> specification, but that doesn't mean it isn't useful.
> 
> The parser does not allow entity replacement text to contain &, and
> also goes wrong (silently returns an incorrect result as XML) if there
> is an unescaped & in the input.
> 
> So, it's moderately popular, widely used, a little buggy...
> interestingly, it has some HTML entities built in such as &inr; for
> Indian Rupee but not egrave etc.
> 
> It looks like they are actively working to improve it, and are aware
> of, and admit to, its limitations, which is excellent.
> 
> liam
> 
> -- 
> Liam Quin, https://www.delightfulcomputing.com/
> Available for XML/Document/Information Architecture/XSLT/
> XSL/XQuery/Web/Text Processing/A11Y training, work & consulting.
> Barefoot Web-slave, antique illustrations:  http://www.fromoldbooks.org
> 
> _______________________________________________________________________
> 
> XML-DEV is a publicly archived, unmoderated list hosted by OASIS
> to support XML implementation and development. To minimize
> spam in the archives, you must subscribe before posting.
> 
> [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
> Or unsubscribe: xml-dev-unsubscribe@lists.xml.org
> subscribe: xml-dev-subscribe@lists.xml.org
> List archive: http://lists.xml.org/archives/xml-dev/
> List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Buy Stylus Studio Now

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Don't miss another message! Subscribe to this list today.
Email
First Name
Last Name
Company
Subscribe in XML format
RSS 2.0
Atom 0.3
 

Stylus Studio has published XML-DEV in RSS and ATOM formats, enabling users to easily subcribe to the list from their preferred news reader application.


Stylus Studio Sponsored Links are added links designed to provide related and additional information to the visitors of this website. they were not included by the author in the initial post. To view the content without the Sponsor Links please click here.

XML Editor - Download a 15 Day Free Trial Now >
See What's New in Stylus Studio >
Buy Stylus Studio - XML Editor - Now >
Site Map | Privacy Policy | Terms of Use | Trademarks
Free Stylus Studio XML Training:
W3C Member
Stylus Studio® and DataDirect XQuery ™are products from DataDirect Technologies, is a registered trademark of Progress Software Corporation, in the U.S. and other countries. © 2004-2013 All Rights Reserved.