summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorBeshr Kayali <beshrkayali@users.noreply.github.com>2021-05-09 20:24:00 +0200
committerGitHub <noreply@github.com>2021-05-09 19:24:00 +0100
commitf4dd95f3bee14b69caec63c3be984c4a75f43c8a (patch)
tree3da6d2362e3858ad2b7ad6af56f1d4623b983951
parentd84a3b10b5540d77a3501b9269dabeaedad542de (diff)
downloadNim-f4dd95f3bee14b69caec63c3be984c4a75f43c8a.tar.gz
Fix parseUri to sanitize urls containing ASCII newline or tab (#17967)
* Fix parseUri to sanitize urls containing ASCII newline or tab

* Fix ups based on review

Co-authored-by: Timothee Cour <timothee.cour2@gmail.com>

* Additional fix ups based on review

- Avoid unnecessary `removeUnsafeBytesFromUri` call if parseUri is strict
- Move some parseUri tests to uri module test file

Co-authored-by: Dominik Picheta <dominikpicheta@googlemail.com>

* Update changelog

Co-authored-by: Timothee Cour <timothee.cour2@gmail.com>
Co-authored-by: Dominik Picheta <dominikpicheta@googlemail.com>
Diffstat
-rw-r--r--changelog.md1
-rw-r--r--lib/pure/uri.nim32
-rw-r--r--tests/stdlib/turi.nim12
3 files changed, 42 insertions, 3 deletions
diff --git a/changelog.md b/changelog.md
index 29b3237d0..7732aec30 100644
--- a/changelog.md
+++ b/changelog.md
@@ -299,6 +299,7 @@
 
 - Added `copyWithin` [for `seq` and `array` for JavaScript targets](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/copyWithin).
 
+- Added optional `strict` argument to `parseUri` of `uri` module to raise a `UriParseError` if input contains newline or tab characters, or [remove them in non-strict case](https://url.spec.whatwg.org/#concept-basic-url-parser).
 
 ## Language changes
 
diff --git a/lib/pure/uri.nim b/lib/pure/uri.nim
index a828298c2..67d5e5933 100644
--- a/lib/pure/uri.nim
+++ b/lib/pure/uri.nim
@@ -51,6 +51,8 @@ type
 
   UriParseError* = object of ValueError
 
+# https://url.spec.whatwg.org/#concept-basic-url-parser
+const unsafeUrlBytesToRemove = {'\t', '\r', '\n'}
 
 proc uriParseError*(msg: string) {.noreturn.} =
   ## Raises a `UriParseError` exception with message `msg`.
@@ -261,7 +263,11 @@ func resetUri(uri: var Uri) =
     else:
       f = false
 
-func parseUri*(uri: string, result: var Uri) =
+func removeUnsafeBytesFromUri(uri: string): string =
+  for c in uri:
+    if c notin unsafeUrlBytesToRemove: result.add c
+
+func parseUri*(uri: string, result: var Uri, strict = true) =
   ## Parses a URI. The `result` variable will be cleared before.
   ##
   ## **See also:**
@@ -273,6 +279,26 @@ func parseUri*(uri: string, result: var Uri) =
     assert res.scheme == "https"
     assert res.hostname == "nim-lang.org"
     assert res.path == "/docs/manual.html"
+
+    # Non-strict
+    res = initUri()
+    parseUri("https://nim-lang\n.org\t/docs/", res, strict=false)
+    assert res.scheme == "https"
+    assert res.hostname == "nim-lang.org"
+    assert res.path == "/docs/"
+
+    # Strict
+    res = initUri()
+    doAssertRaises(UriParseError):
+      parseUri("https://nim-lang\n.org\t/docs/", res)
+
+  var uri = uri
+  if strict:
+    for c in uri:
+      if c in unsafeUrlBytesToRemove: uriParseError("Invalid uri '$#'" % uri)
+  else:
+    uri = removeUnsafeBytesFromUri(uri)
+
   resetUri(result)
 
   var i = 0
@@ -309,7 +335,7 @@ func parseUri*(uri: string, result: var Uri) =
   # Path
   parsePath(uri, i, result)
 
-func parseUri*(uri: string): Uri =
+func parseUri*(uri: string, strict = true): Uri =
   ## Parses a URI and returns it.
   ##
   ## **See also:**
@@ -320,7 +346,7 @@ func parseUri*(uri: string): Uri =
     assert res.password == "Password"
     assert res.scheme == "ftp"
   result = initUri()
-  parseUri(uri, result)
+  parseUri(uri, result, strict)
 
 func removeDotSegments(path: string): string =
   ## Collapses `..` and `.` in `path` in a similar way as done in `os.normalizedPath`
diff --git a/tests/stdlib/turi.nim b/tests/stdlib/turi.nim
index a3b6afe2c..26b88a982 100644
--- a/tests/stdlib/turi.nim
+++ b/tests/stdlib/turi.nim
@@ -141,6 +141,18 @@ template main() =
       doAssert test.port == ""
       doAssert test.path == "/foo/bar/baz.txt"
 
+    block: # Strict
+      doAssertRaises(UriParseError):
+        discard parseUri("https://nim-lang\n.org\t/docs/\nalert('msg\r\n')/?query\n=\tvalue#frag\nment")
+
+      # Non-strict would sanitize newline and tab characters from input
+      let test = parseUri("https://nim-lang\n.org\t/docs/\nalert('msg\r\n')/?query\n=\tvalue#frag\nment", strict=false)
+      assert test.scheme == "https"
+      assert test.hostname == "nim-lang.org"
+      assert test.path == "/docs/alert('msg')/"
+      assert test.query == "query=value"
+      assert test.anchor == "fragment"
+
   block: # combine
     block:
       let concat = combine(parseUri("http://google.com/foo/bar/"), parseUri("baz"))
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2025-02-11 13:47:58 +0000
us revision' href='/ahoang/Nim/blame/lib/parsexml.nim?h=devel&id=e792940f5273bf8f8761c4cb29b241445e8b1d0b'>^ 
4d4b3b1c0 ^

08bc9ac03 ^


























3f3dda5a7 ^

08bc9ac03 ^














3f3dda5a7 ^

e22c73fd8 ^

08bc9ac03 ^


e22c73fd8 ^

08bc9ac03 ^


6ecbed728 ^


08bc9ac03 ^



e22c73fd8 ^

08bc9ac03 ^



e22c73fd8 ^

08bc9ac03 ^

































f721ddd75 ^

08bc9ac03 ^


4d4b3b1c0 ^

08bc9ac03 ^



4d4b3b1c0 ^

08bc9ac03 ^






























4d4b3b1c0 ^

08bc9ac03 ^



4d4b3b1c0 ^

08bc9ac03 ^




















20962ca50 ^

08bc9ac03 ^




























































4d4b3b1c0 ^

08bc9ac03 ^



4d4b3b1c0 ^

08bc9ac03 ^

























4d4b3b1c0 ^

08bc9ac03 ^



4d4b3b1c0 ^

08bc9ac03 ^

























































4741e8f9a ^

08bc9ac03 ^




08bc9ac03 ^
















20962ca50 ^


08bc9ac03 ^




































1
2
3

4

5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

25

26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

56

57

58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

94

95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198

199
200
201
202
203
204

205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225

226

227
228
229

230

231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253

254

255
256
257

258

259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276

277

278
279
280

281

282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307

308

309
310
311
312
313
314
315
316
317
318
319
320
321
322

323

324

325
326

327

328
329

330
331

332
333
334

335

336
337
338

339

340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372

373

374
375

376

377
378
379

380

381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410

411

412
413
414

415

416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435

436

437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496

497

498
499
500

501

502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526

527

528
529
530

531

532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588

589

590
591
592
593

594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609

610
611

612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647



                                     
                                         



















                                                                               
                                                                         





























                                                                            
                                 
 



































                                                                                
                   







































































































                                                                               





                                                                       




















                                                                 
                  


                                     
                  






















                                                            
                  


                                                             
                  

















                                                                         
                  


                                     
                  

























                                                                               
              













                                                                     
                               
                                                                   

                  
                                                                   

                  

                                                                      


                                                                       
                                              


                                                                       
                                              
































                                       
            

                                                                         
                        


                                     
                  





























                                        
                  


                                     
                  



















                                                 
                                



























































                                                                
                    


                                       
                    
























                                                                         
                  


                                     
                  
























































                                                                           
                          



                                                              















                                                                  

                       



































                                                           
#
#
#            Nimrod's Runtime Library
#        (c) Copyright 2010 Andreas Rumpf
#
#    See the file "copying.txt", included in this
#    distribution, for details about the copyright.
#

## This module implements a simple high performance `XML`:idx: / `HTML`:idx:
## parser. 
## The only encoding that is supported is UTF-8. The parser has been designed
## to be somewhat error correcting, so that even most "wild HTML" found on the 
## web can be parsed with it. **Note:** This parser does not check that each
## ``<tag>`` has a corresponding ``</tag>``! These checks have do be 
## implemented by the client code for various reasons: 
##
## * Old HTML contains tags that have no end tag: ``<br>`` for example.
## * HTML tags are case insensitive, XML tags are case sensitive. Since this
##   library can parse both, only the client knows which comparison is to be
##   used.
## * Thus the checks would have been very difficult to implement properly with
##   little benefit, especially since they are simple to implement in the 
##   client. The client should use the `errorMsgExpected` proc to generate
##   a nice error message that fits the other error messages this library
##   creates.
##
##
## Example 1: Retrieve HTML title
## ==============================
##
## The file ``examples/htmltitle.nim`` demonstrates how to use the 
## XML parser to accomplish a simple task: To determine the title of an HTML
## document.
##
## .. code-block:: nimrod
##     :file: examples/htmltitle.nim
##
##
## Example 2: Retrieve all HTML links
## ==================================
##
## The file ``examples/htmlrefs.nim`` demonstrates how to use the 
## XML parser to accomplish another simple task: To determine all the links 
## an HTML document contains.
##
## .. code-block:: nimrod
##     :file: examples/htmlrefs.nim
##

import 
  hashes, strutils, lexbase, streams, unicode

# the parser treats ``<br />`` as ``<br></br>``

#  xmlElementCloseEnd, ## ``/>`` 

type 
  TXmlEventKind* = enum ## enumation of all events that may occur when parsing
    xmlError,           ## an error ocurred during parsing
    xmlEof,             ## end of file reached
    xmlCharData,        ## character data
    xmlWhitespace,      ## whitespace has been parsed
    xmlComment,         ## a comment has been parsed
    xmlPI,              ## processing instruction (``<?name something ?>``)
    xmlElementStart,    ## ``<elem>``
    xmlElementEnd,      ## ``</elem>``
    xmlElementOpen,     ## ``<elem 
    xmlAttribute,       ## ``key = "value"`` pair
    xmlElementClose,    ## ``>`` 
    xmlCData,           ## ``<![CDATA[`` ... data ... ``]]>``
    xmlEntity,          ## &entity;
    xmlSpecial          ## ``<! ... data ... >``
    
  TXmlError* = enum          ## enumeration that lists all errors that can occur
    errNone,                 ## no error
    errEndOfCDataExpected,   ## ``]]>`` expected
    errNameExpected,         ## name expected
    errSemicolonExpected,    ## ``;`` expected
    errQmGtExpected,         ## ``?>`` expected
    errGtExpected,           ## ``>`` expected
    errEqExpected,           ## ``=`` expected
    errQuoteExpected,        ## ``"`` or ``'`` expected
    errEndOfCommentExpected  ## ``-->`` expected
    
  TParserState = enum 
    stateStart, stateNormal, stateAttr, stateEmptyElementTag, stateError

  TXmlParseOption* = enum  ## options for the XML parser
    reportWhitespace,      ## report whitespace
    reportComments         ## report comments

  TXmlParser* = object of TBaseLexer ## the parser object.
    a, b, c: string
    kind: TXmlEventKind
    err: TXmlError
    state: TParserState
    filename: string
    options: set[TXmlParseOption]
 
const
  errorMessages: array [TXmlError, string] = [
    "no error",
    "']]>' expected",
    "name expected",
    "';' expected",
    "'?>' expected",
    "'>' expected",
    "'=' expected",
    "'\"' or \"'\" expected",
    "'-->' expected"
  ]

proc open*(my: var TXmlParser, input: PStream, filename: string,
           options: set[TXmlParseOption] = {}) =
  ## initializes the parser with an input stream. `Filename` is only used
  ## for nice error messages. The parser's behaviour can be controlled by
  ## the `options` parameter: If `options` contains ``reportWhitespace``
  ## a whitespace token is reported as an ``xmlWhitespace`` event.
  ## If `options` contains ``reportComments`` a comment token is reported as an
  ## ``xmlComment`` event. 
  lexbase.open(my, input)
  my.filename = filename
  my.state = stateStart
  my.kind = xmlError
  my.a = ""
  my.b = ""
  my.options = options
  
proc close*(my: var TXmlParser) {.inline.} = 
  ## closes the parser `my` and its associated input stream.
  lexbase.close(my)

proc charData*(my: TXmlParser): string {.inline.} = 
  ## returns the character data for the events: ``xmlCharData``, 
  ## ``xmlWhitespace``, ``xmlComment``, ``xmlCData``, ``xmlSpecial``
  assert(my.kind in {xmlCharData, xmlWhitespace, xmlComment, xmlCData, 
                     xmlSpecial})
  return my.a

proc kind*(my: TXmlParser): TXmlEventKind {.inline.} = 
  ## returns the current event type for the XML parser
  return my.kind

proc elementName*(my: TXmlParser): string {.inline.} = 
  ## returns the element name for the events: ``xmlElementStart``, 
  ## ``xmlElementEnd``, ``xmlElementOpen``
  assert(my.kind in {xmlElementStart, xmlElementEnd, xmlElementOpen})
  return my.a

proc entityName*(my: TXmlParser): string {.inline.} = 
  ## returns the entity name for the event: ``xmlEntity``
  assert(my.kind == xmlEntity)
  return my.a
  
proc attrKey*(my: TXmlParser): string {.inline.} = 
  ## returns the attribute key for the event ``xmlAttribute``
  assert(my.kind == xmlAttribute)
  return my.a
  
proc attrValue*(my: TXmlParser): string {.inline.} = 
  ## returns the attribute value for the event ``xmlAttribute``
  assert(my.kind == xmlAttribute)
  return my.b

proc PIName*(my: TXmlParser): string {.inline.} = 
  ## returns the processing instruction name for the event ``xmlPI``
  assert(my.kind == xmlPI)
  return my.a

proc PIRest*(my: TXmlParser): string {.inline.} = 
  ## returns the rest of the processing instruction for the event ``xmlPI``
  assert(my.kind == xmlPI)
  return my.b

proc getColumn*(my: TXmlParser): int {.inline.} = 
  ## get the current column the parser has arrived at.
  result = getColNumber(my, my.bufPos)

proc getLine*(my: TXmlParser): int {.inline.} = 
  ## get the current line the parser has arrived at.
  result = my.linenumber

proc getFilename*(my: TXmlParser): string {.inline.} = 
  ## get the filename of the file that the parser processes.
  result = my.filename
  
proc errorMsg*(my: TXmlParser): string = 
  ## returns a helpful error message for the event ``xmlError``
  assert(my.kind == xmlError)
  result = "$1($2, $3) Error: $4" % [
    my.filename, $getLine(my), $getColumn(my), errorMessages[my.err]]

proc errorMsgExpected*(my: TXmlParser, tag: string): string = 
  ## returns an error message "<tag> expected" in the same format as the
  ## other error messages 
  result = "$1($2, $3) Error: $4" % [
    my.filename, $getLine(my), $getColumn(my), "<$1> expected" % tag]

proc errorMsg*(my: TXmlParser, msg: string): string = 
  ## returns an error message with text `msg` in the same format as the
  ## other error messages 
  result = "$1($2, $3) Error: $4" % [
    my.filename, $getLine(my), $getColumn(my), msg]
    
proc markError(my: var TXmlParser, kind: TXmlError) {.inline.} = 
  my.err = kind
  my.state = stateError

proc parseCDATA(my: var TXMLParser) = 
  var pos = my.bufpos + len("<![CDATA[")
  var buf = my.buf
  while true:
    case buf[pos] 
    of ']':
      if buf[pos+1] == ']' and buf[pos+2] == '>':
        inc(pos, 3)
        break
      add(my.a, ']')
      inc(pos)
    of '\0': 
      markError(my, errEndOfCDataExpected)
      break
    of '\c': 
      pos = lexbase.HandleCR(my, pos)
      buf = my.buf
      add(my.a, '\L')
    of '\L': 
      pos = lexbase.HandleLF(my, pos)
      buf = my.buf
      add(my.a, '\L')
    else:
      add(my.a, buf[pos])
      inc(pos)    
  my.bufpos = pos # store back
  my.kind = xmlCDATA

proc parseComment(my: var TXMLParser) = 
  var pos = my.bufpos + len("<!--")
  var buf = my.buf
  while true:
    case buf[pos] 
    of '-':
      if buf[pos+1] == '-' and buf[pos+2] == '>':
        inc(pos, 3)
        break
      if my.options.contains(reportComments): add(my.a, '-')
      inc(pos)
    of '\0': 
      markError(my, errEndOfCommentExpected)
      break
    of '\c': 
      pos = lexbase.HandleCR(my, pos)
      buf = my.buf
      if my.options.contains(reportComments): add(my.a, '\L')
    of '\L': 
      pos = lexbase.HandleLF(my, pos)
      buf = my.buf
      if my.options.contains(reportComments): add(my.a, '\L')
    else:
      if my.options.contains(reportComments): add(my.a, buf[pos])
      inc(pos)
  my.bufpos = pos
  my.kind = xmlComment

proc parseWhitespace(my: var TXmlParser, skip=False) = 
  var pos = my.bufpos
  var buf = my.buf
  while true: 
    case buf[pos]
    of ' ', '\t': 
      if not skip: add(my.a, buf[pos])
      Inc(pos)
    of '\c':  
      # the specification says that CR-LF, CR are to be transformed to LF
      pos = lexbase.HandleCR(my, pos)
      buf = my.buf
      if not skip: add(my.a, '\L')
    of '\L': 
      pos = lexbase.HandleLF(my, pos)
      buf = my.buf
      if not skip: add(my.a, '\L')
    else:
      break
  my.bufpos = pos

const
  NameStartChar = {'A'..'Z', 'a'..'z', '_', ':', '\128'..'\255'}
  NameChar = {'A'..'Z', 'a'..'z', '0'..'9', '.', '-', '_', ':', '\128'..'\255'}

proc parseName(my: var TXmlParser, dest: var string) = 
  var pos = my.bufpos
  var buf = my.buf
  if buf[pos] in nameStartChar: 
    while true:
      add(dest, buf[pos])
      inc(pos)
      if buf[pos] notin NameChar: break
    my.bufpos = pos
  else:
    markError(my, errNameExpected)

proc parseEntity(my: var TXmlParser, dest: var string) = 
  var pos = my.bufpos+1
  var buf = my.buf
  my.kind = xmlCharData
  if buf[pos] == '#':
    var r: int
    inc(pos)
    if buf[pos] == 'x': 
      inc(pos)
      while true:
        case buf[pos]
        of '0'..'9': r = (r shl 4) or (ord(buf[pos]) - ord('0'))
        of 'a'..'f': r = (r shl 4) or (ord(buf[pos]) - ord('a') + 10)
        of 'A'..'F': r = (r shl 4) or (ord(buf[pos]) - ord('A') + 10)
        else: break
        inc(pos)
    else:
      while buf[pos] in {'0'..'9'}: 
        r = r * 10 + (ord(buf[pos]) - ord('0'))
        inc(pos)
    add(dest, toUTF8(TRune(r)))
  elif buf[pos] == 'l' and buf[pos+1] == 't' and buf[pos+2] == ';':
    add(dest, '<')
    inc(pos, 2)
  elif buf[pos] == 'g' and buf[pos+1] == 't' and buf[pos+2] == ';':
    add(dest, '>')
    inc(pos, 2)
  elif buf[pos] == 'a' and buf[pos+1] == 'm' and buf[pos+2] == 'p' and
      buf[pos+3] == ';':
    add(dest, '&')
    inc(pos, 3)
  elif buf[pos] == 'a' and buf[pos+1] == 'p' and buf[pos+2] == 'o' and 
      buf[pos+3] == 's' and buf[pos+4] == ';':
    add(dest, '\'')
    inc(pos, 4)
  elif buf[pos] == 'q' and buf[pos+1] == 'u' and buf[pos+2] == 'o' and 
      buf[pos+3] == 't' and buf[pos+4] == ';':
    add(dest, '"')
    inc(pos, 4)
  else:
    my.bufpos = pos
    parseName(my, dest)
    pos = my.bufpos
    if my.err != errNameExpected: 
      my.kind = xmlEntity
    else:
      add(dest, '&')
  if buf[pos] == ';': 
    inc(pos)
  else:
    markError(my, errSemiColonExpected)
  my.bufpos = pos

proc parsePI(my: var TXmlParser) = 
  inc(my.bufpos, "<?".len)
  parseName(my, my.a)
  var pos = my.bufpos
  var buf = my.buf
  setLen(my.b, 0)
  while true: 
    case buf[pos]
    of '\0':
      markError(my, errQmGtExpected)
      break
    of '?':
      if buf[pos+1] == '>':
        inc(pos, 2)
        break
      add(my.b, '?')
      inc(pos)
    of '\c':
      # the specification says that CR-LF, CR are to be transformed to LF
      pos = lexbase.HandleCR(my, pos)
      buf = my.buf      
      add(my.b, '\L')
    of '\L': 
      pos = lexbase.HandleLF(my, pos)
      buf = my.buf
      add(my.b, '\L')
    else:
      add(my.b, buf[pos])
      inc(pos)
  my.bufpos = pos
  my.kind = xmlPI

proc parseSpecial(my: var TXmlParser) = 
  # things that start with <!
  var pos = my.bufpos + 2
  var buf = my.buf
  var opentags = 0
  while true: 
    case buf[pos]
    of '\0':
      markError(my, errGtExpected)
      break
    of '<': 
      inc(opentags)
      inc(pos)
      add(my.a, '<')
    of '>':
      if opentags <= 0:
        inc(pos)
        break
      dec(opentags)
      inc(pos)
      add(my.a, '>')
    of '\c':  
      pos = lexbase.HandleCR(my, pos)
      buf = my.buf
      add(my.a, '\L')
    of '\L': 
      pos = lexbase.HandleLF(my, pos)
      buf = my.buf
      add(my.a, '\L')
    else:
      add(my.a, buf[pos])
      inc(pos)
  my.bufpos = pos
  my.kind = xmlSpecial

proc parseTag(my: var TXmlParser) = 
  inc(my.bufpos)
  parseName(my, my.a)
  # if we have no name, do not interpret the '<':
  if my.a.len == 0: 
    my.kind = xmlCharData
    add(my.a, '<')
    return
  parseWhitespace(my, skip=True)
  if my.buf[my.bufpos] in NameStartChar: 
    # an attribute follows:
    my.kind = xmlElementOpen
    my.state = stateAttr
    my.c = my.a # save for later
  else:
    my.kind = xmlElementStart
    if my.buf[my.bufpos] == '/' and my.buf[my.bufpos+1] == '>':
      inc(my.bufpos, 2)
      my.state = stateEmptyElementTag
    elif my.buf[my.bufpos] == '>':
      inc(my.bufpos)  
    else:
      markError(my, errGtExpected)
  
proc parseEndTag(my: var TXmlParser) = 
  inc(my.bufpos, 2)
  parseName(my, my.a)
  parseWhitespace(my, skip=True)
  if my.buf[my.bufpos] == '>':
    inc(my.bufpos)
  else:
    markError(my, errGtExpected)
  my.kind = xmlElementEnd

proc parseAttribute(my: var TXmlParser) = 
  my.kind = xmlAttribute
  setLen(my.a, 0)
  setLen(my.b, 0)
  parseName(my, my.a)
  # if we have no name, we have '<tag attr= key %&$$%':
  if my.a.len == 0: 
    markError(my, errGtExpected)
    return
  parseWhitespace(my, skip=True)
  if my.buf[my.bufpos] != '=':
    markError(my, errEqExpected)
    return
  inc(my.bufpos)
  parseWhitespace(my, skip=True)

  var pos = my.bufpos
  var buf = my.buf
  if buf[pos] in {'\'', '"'}:
    var quote = buf[pos]
    var pendingSpace = false
    inc(pos)
    while true: 
      case buf[pos]
      of '\0':
        markError(my, errQuoteExpected)
        break
      of '&': 
        if pendingSpace: 
          add(my.b, ' ')
          pendingSpace = false
        my.bufpos = pos
        parseEntity(my, my.b)
        my.kind = xmlAttribute # parseEntity overwrites my.kind!
        pos = my.bufpos
      of ' ', '\t': 
        pendingSpace = true
        inc(pos)
      of '\c':  
        pos = lexbase.HandleCR(my, pos)
        buf = my.buf
        pendingSpace = true
      of '\L': 
        pos = lexbase.HandleLF(my, pos)
        buf = my.buf
        pendingSpace = true
      else:
        if buf[pos] == quote:
          inc(pos)
          break
        else:
          if pendingSpace: 
            add(my.b, ' ')
            pendingSpace = false
          add(my.b, buf[pos])
          inc(pos)
  else:
    markError(my, errQuoteExpected)  
  my.bufpos = pos
  parseWhitespace(my, skip=True)
  
proc parseCharData(my: var TXmlParser) = 
  var pos = my.bufpos
  var buf = my.buf
  while true: 
    case buf[pos]
    of '\0', '<', '&': break
    of '\c':  
      # the specification says that CR-LF, CR are to be transformed to LF
      pos = lexbase.HandleCR(my, pos)
      buf = my.buf
      add(my.a, '\L')
    of '\L': 
      pos = lexbase.HandleLF(my, pos)
      buf = my.buf
      add(my.a, '\L')
    else:
      add(my.a, buf[pos])
      inc(pos)
  my.bufpos = pos
  my.kind = xmlCharData

proc rawGetTok(my: var TXmlParser) = 
  my.kind = xmlError
  setLen(my.a, 0)
  var pos = my.bufpos
  var buf = my.buf
  case buf[pos]
  of '<': 
    case buf[pos+1]
    of '/':
      parseEndTag(my)
    of '!':
      if buf[pos+2] == '[' and buf[pos+3] == 'C' and buf[pos+4] == 'D' and
          buf[pos+5] == 'A' and buf[pos+6] == 'T' and buf[pos+7] == 'A' and
          buf[pos+8] == '[':
        parseCDATA(my)
      elif buf[pos+2] == '-' and buf[pos+3] == '-': 
        parseComment(my)
      else: 
        parseSpecial(my)
    of '?':
      parsePI(my)
    else: 
      parseTag(my)
  of ' ', '\t', '\c', '\l': 
    parseWhiteSpace(my)
    my.kind = xmlWhitespace
  of '\0': 
    my.kind = xmlEof
  of '&':
    parseEntity(my, my.a)
  else: 
    parseCharData(my)
  assert my.kind != xmlError
    
proc getTok(my: var TXmlParser) = 
  while true:
    rawGetTok(my)
    case my.kind
    of xmlComment: 
      if my.options.contains(reportComments): break
    of xmlWhitespace: 
      if my.options.contains(reportWhitespace): break
    else: break
    
proc next*(my: var TXmlParser) = 
  ## retrieves the first/next event. This controls the parser.
  case my.state
  of stateNormal:
    getTok(my)  
  of stateStart:
    my.state = stateNormal
    getTok(my)
    if my.kind == xmlPI and my.a == "xml": 
      # just skip the first ``<?xml >`` processing instruction
      getTok(my)
  of stateAttr:
    # parse an attribute key-value pair:
    if my.buf[my.bufpos] == '>':
      my.kind = xmlElementClose
      inc(my.bufpos)
      my.state = stateNormal
    elif my.buf[my.bufpos] == '/' and my.buf[my.bufpos+1] == '>': 
      my.kind = xmlElementClose
      inc(my.bufpos, 2)
      my.state = stateEmptyElementTag
    else:
      parseAttribute(my)
      # state remains the same
  of stateEmptyElementTag:
    my.state = stateNormal
    my.kind = xmlElementEnd
    if not isNil(my.c):
      my.a = my.c
  of stateError: 
    my.kind = xmlError
    my.state = stateNormal
  
when isMainModule:
  import os
  var s = newFileStream(ParamStr(1), fmRead)
  if s == nil: quit("cannot open the file" & ParamStr(1))
  var x: TXmlParser
  open(x, s, ParamStr(1))
  while true:
    next(x)
    case x.kind
    of xmlError: Echo(x.errorMsg())
    of xmlEof: break
    of xmlCharData: echo(x.charData)
    of xmlWhitespace: echo("|$1|" % x.charData)
    of xmlComment: echo("<!-- $1 -->" % x.charData)
    of xmlPI: echo("<? $1 ## $2 ?>" % [x.PIName, x.PIRest])
    of xmlElementStart: echo("<$1>" % x.elementName)
    of xmlElementEnd: echo("</$1>" % x.elementName)
    
    of xmlElementOpen: echo("<$1" % x.elementName) 
    of xmlAttribute:   
      echo("Key: " & x.attrKey)
      echo("Value: " & x.attrValue)
    
    of xmlElementClose: echo(">") 
    of xmlCData:
      echo("<![CDATA[$1]]>" % x.charData)
    of xmlEntity:
      echo("&$1;" % x.entityName)
    of xmlSpecial:
      echo("SPECIAL: " & x.charData)
  close(x)