macedigital / express-xml-bodyparser Goto Github PK

I use xml-body-parser in my middleware-

With version 0.2.2 xml body parser use to work fine- Every time a client use to provide invalid xml. Parser use to work perfectly with our middleware chain. Now as soon as i have update to 0.3.0. I am getting exception from my application-

Error: Can't set headers after they are sent.
at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:356:11)

When i go back to previous version 0.2.2 i no longer get the above exception and errors are handled by my next function in line in the middleware.

Is there any specific change that was done between these versions ?

I have the following doc

<?xml version="1.0" encoding="UTF-8" ?>
<error>
    <message>
    	<test>
    		test
    	</test>
    </message>
         <errorCode>12</errorCode>
</error>

and after it is parsed what i get is

{ error: { message: [ [Object] ], errorcode: [ '12' ] } }

As you can see message tag is interpreted correct but impossible to reach children

Could someone please clarify why there is a different package https://www.npmjs.com/package/xml-bodyparser with same github repository link and similar code except few updates like changed dependencies versions and code changes in \lib\types\xml.js.

Proposition:
The next release should no longer try to maintain support for node v0.8.x.
In order to minimize impact, version is bumped by at least a minor version, projects using this middleware should make sure to use a compatible version.

bodyparser has verify method. But this xml parser doesn't have anything like this

Hi,

I need to receive POST requests with gziped XMLs. In my tests, I'm receiving:

{"message":"Non-whitespace before first tag.\nLine: 0\nColumn: 1\nChar: \u001f","status":400}

I suspect that this message is coming from xml2js.

In my project we use compression middleware also, I don't know with this could interfere.

Thank you.

I've never seen shrinkwrap used for libraries before, AFAIK it is meant for top-level apps.

Is there a reason for its inclusion in the project? Could it be removed?

When entered an invalid XML form as content body, it throws error. However, I can not handle the error from the application and send a custom message. Is there any way to do that?

Error: Non-whitespace before first tag. Line: 0 Column: 1 Char: s

Introduced through: [email protected] › [email protected]
Fixed In: [email protected]

Please upgrade internal package xml2js (v0.4.23 to v0.5.0) of express-xml-bodyparser

Issue: [email protected]
Fixed In: [email protected]
Introduced through: [email protected] › [email protected]

Please upgrade internal package xml2js (v0.4.23 to v0.5.0) of express-xml-bodyparser

The currently used version of xml2js (0.2.8) doesn't handle malformed xml correctly.

When passing malformed xml to xml2js such as 'an object</object' the callback is never invoked and the request eventually times out.

Updating to version 0.4.1 of xml2js solves this.

I took your sample app and stripped it down to basics:

  var app, express, http, server, xmlparser;
  express = require('express');
  app = express();
  http = require('http');
  server = http.createServer(app);

  xmlparser = require('express-xml-bodyparser');
  app.use(xmlparser());

  app.post('/xml', function(req, res, next) {
    var _ref, _ref1;
    if (((_ref = req.body) != null ? _ref.length : void 0) > 0) {
      res.send('OK!');
    } else {
      res.send('Not OK :(');
    }
    console.log("post body length " + (((_ref1 = req.body) != null ? _ref1.length : void 0) || 0));
    return res.end();
  });

  server.listen(1337);

Runs fine. But when I send it a chunk of XML via CURL I get nothing:

10:17 ~ $ curl -X POST -H "Content-Type: text/xml" -d '<?xml version=\"1.0\" encoding=\"UTF-8\"?><stuff>Hello?</stuff>' http://localhost:1337/xml
Not OK :(
10:17 ~ $ curl -X POST -H "Content-Type: application/xml" -d '<?xml version=\"1.0\" encoding=\"UTF-8\"?><stuff>Hello?</stuff>' http://localhost:1337/xml
Not OK :(

When I send the same content to a simple server using just the http module, it works fine:

$ curl -X POST -H "Content-Type: application/xml" -d '<?xml version=\"1.0\" encoding=\"UTF-8\"?><stuff>Hello?</stuff>' http://localhost:3000
post received: <?xml version=\"1.0\" encoding=\"UTF-8\"?><stuff>Hello?</stuff>

(The server code is simple, you can see it here: http://stackoverflow.com/a/12007627/30946)

I can't see any way to strip the sample down further, so either the code isn't working right or I'm doing something wrong. Suggestions? Bug?

When using xml2js 0.4.5 (the latest) according to your rule (~0.4.1) I end up with a crash when providing a malformed xml (ex, Unclosed root tag). Rolling back to 0.4.4 give me the correct behaviour and gets me a 400 error in express with the error message.
Though in my opinion it would not be related to express-xml-bodyparser I guess forcing xml2js to be at most the 0.4.4 should be a temporary measure.

It looks like the last line in index.js changed from:

exports.regexp = ...

to:

module.exports.regexp = ...

in the last version. This appears to be causing an issue at line 41 of the same file later, when export.regexp is undefined.

In the README for this repo, you give the following warning:

IMPORTANT: Currently, it is not advisable to operate xml2js in async=true mode. Unless you can absolutely trust input data (which you should not), certain types of invalid XML will throw uncaught exceptions. See https://github.com/Leonidas-from-XIV/node-xml2js/issues/232 for progress on this issue. Until then, the default option is set to async=false.

However, as far as I can tell, the issue being referenced has been resolved and it's no longer unsafe to operate xml2js in async=true mode. Is this correct? If so, I can create a PR for this README to remove the warning!

Thanks!

I added a new type definition for express-xml-bodyparser in @types

Hello,

I have an XML file with a "&" character inside a field, and I am receiving an error message: "Error: Invalid character in entity name". However, when I manually remove the "&", the error is resolved.

Is it possible to create an option that can ignore or remove this "&" character automatically?

Thank you.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:boor="http://www.accurate.com/acec/AcecBOSOAIntegration/BOOrderIntegration">
  <soapenv:Header />
  <soapenv:Body>
    <boor:integrateOrderRequest>
      <order xmlns:ns2="http://www.accurate.com/acec/InvoiceInfo"
        xmlns="http://www.accurate.com/acec/order">
        <orderId>52379860</orderId>
        <totalAmount>203.90</totalAmount>
        <deliveryAddress>
          <addressId>53933</addressId>
          <recipientNm>BRUNO & MENDES TREINAMENTO E SERVICOS LTDA</recipientNm>
          <address>AV RAIMUNDO PEREIRA DE MAGALHAES</address>
        </deliveryAddress>
      </order>
    </boor:integrateOrderRequest>
  </soapenv:Body>
</soapenv:Envelope>

I am getting ERROR:

Error: Invalid character in entity name
Line: 20
Column: 30
Char:
at error (/home/integrador/node_modules/sax/lib/sax.js:651:10)
at strictFail (/home/integrador/node_modules/sax/lib/sax.js:677:7)
at SAXParser.write (/home/integrador/node_modules/sax/lib/sax.js:1491:13)
at Object.module.exports [as xml2js] (/home/integrador/node_modules/xml-js/lib/xml2js.js:346:12) {
note: [Circular *1]

This is something supported by the regular express body parser. It would be nice to limit the body size, e.g.

app.use(xmlBodyParser({ limit: '1MB' }));

I'd be keen to help out with a PR if you could point me in the right direction. The README mentions using raw-body - is this the way forward?