What's Changed

• #964: Fix unreachable!() panic in the serde deserializer when a DOCTYPE declaration appears between two text runs inside an element (e.g. <a>x<!DOCTYPE y>z</a>). The DOCTYPE used to break drain_text's consecutive-text merge, so two DeEvent::Text events reached read_text and tripped its "Cannot be two consequent Text events" invariant. DOCTYPE is now treated as transparent during text drain — it still goes through the entity resolver, but the surrounding text is merged into one run. Discovered via libFuzzer on a real-world SAML deserializer harness.

New Contributors

• @williamareynolds made their first contribution in #964

Full Changelog: v0.40.0...v0.40.1

What's Changed

MSRV bumped to 1.79.

Now quick-xml supports the UTF-16 and ISO-2022-JP encoded documents. See the new DecodingReader type.

New Features

• #956: Add DecodingReader, a BufRead adapter that auto-detects encoding from BOM or XML declaration and transcodes to UTF-8. Enabled by the encoding feature.

• #938: Add new enumeration XmlVersion and typified getter BytesDecl::xml_version().

• #938: Add new error variant IllFormedError::UnknownVersion.

• #371: Add new error variant EscapeError::TooManyNestedEntities.

• #371: Improved compliance with the XML attribute value normalization process by adding

  • Attribute::normalized_value()
  • Attribute::normalized_value_with()
  • Attribute::decoded_and_normalized_value()
  • Attribute::decoded_and_normalized_value_with()

  which ought to be used in place of deprecated

  • Attribute::unescape_value()
  • Attribute::unescape_value_with()
  • Attribute::decode_and_unescape_value()
  • Attribute::decode_and_unescape_value_with()

  Deprecated functions now behaves the same as newly added.

Bug Fixes

• #938: Use correct rules for EOL normalization in Deserializer when parse XML 1.0 documents. Previously XML 1.1. rules was applied.

Misc Changes

• #914: Remove deprecated .prefixes(), .resolve(), .resolve_attribute(), and .resolve_element() of NsReader. Use .resolver().<...> methods instead.
• #938: Now BytesText::xml_content, BytesCData::xml_content and BytesRef::xml_content accepts XmlVersion parameter to apply correct EOL normalization rules.
• #944: read_text() now returns BytesText which allows you to get the content with properly normalized EOLs. To get the previous behavior use .read_text().decode()?.
• #956: Bumped MSRV from 1.59 (Feb 2022) to 1.79 (June 2024)

New Contributors

• @dobermai made their first contribution in #958

Full Changelog: v0.39.4...v0.40.0

Bug Fixes

• #957: Fix slice-index panic when reading malformed DTD whose unknown markup is split across BufReader chunks. As with #950, the returned Event::DocType may contain the malformed DTD; this fix only ensures that the parser does not panic.
• #960: Fix sibling slice-index panic when a single chunk delivers < followed by 9+ bytes of unknown markup inside a DTD internal subset. Same disposition as #957 / #950: parser must not panic; DTD validity reporting is a future improvement.

Full Changelog: v0.39.3...v0.39.4

Bug Fixes

• #950: Fix subtraction with overflow when parse malformed DTD in some cases. Note, that currently we do not check the validity of DTD, so the returned Event::DocType may contain the malformed DTD.

Full Changelog: v0.39.2...v0.39.3

What's Changed

New Features

• #483: Implement read_text_into() and read_text_into_async().

Bug Fixes

• #939: Fix parsing error of the tag from buffered reader, when the first byte < is the last in the BufRead internal buffer. This is the regression from #936.

Full Changelog: v0.39.1...v0.39.2

What's Changed

New Features

• #598: Add method NamespaceResolver::set_level which may be helpful in some circumstances.

Bug Fixes

• #597: Fix incorrect processing of namespace scopes in NsReader::read_to_end, NsReader::read_to_end_into, NsReader::read_to_end_into_async and NsReader::read_text. The scope started by a start element was not ended after that call.
• #936: Fix incorrect result of .read_text() when it is called after reading Text or GeneralRef event.

What's Changed

Added a way to configure Writer. Now all configuration is contained in the writer::Config
struct and can be applied at once. When serde-types feature is enabled, configuration is serializable.

New Features

• #846: Add methods config() and config_mut() to inspect and change the writer configuration.
• #846: Add ability to write space before /> in self-closed tags for maximum compatibility with XHTML.
• #846: Add method empty_element_handling() as a more powerful alternative to expand_empty_elements() in Serializer.
• #929: Allow to pass list of field names to impl_deserialize_for_internally_tagged_enum! macro which is required if you enum variants contains $value fields.

Bug Fixes

• #923: Implement correct skipping of well-formed DTD.

Misc Changes

• #908: Increase minimal supported serde version from 1.0.139 to 1.0.180.
• #913: Deprecate .prefixes(), .resolve(), .resolve_attribute(), and .resolve_element() of NsReader. Use .resolver().bindings() and .resolver().resolve() methods instead.
• #913: Attributes::has_nil now accepts NamespaceResolver instead of Reader<R>.
• #924: (breaking change) Split SyntaxError::UnclosedPIOrXmlDecl into UnclosedPI and UnclosedXmlDecl for more precise error reporting.
• #924: (breaking change) Parser::eof_error now takes &self and content &[u8] parameters.
• #926: (breaking change) Split SyntaxError::UnclosedTag into UnclosedTag,
  UnclosedSingleQuotedAttributeValue and UnclosedDoubleQuotedAttributeValue for more precise error reporting.

New Contributors

• @rzmk made their first contribution in #920
• @zrneely made their first contribution in #922
• @SuchAFuriousDeath made their first contribution in #924
• @tayu0110 made their first contribution in #925

Full Changelog: v0.38.4...v0.39.0

What's Changed

New Features

• #353: Add ability to serialize textual content as CDATA sections in Serializer. Everywhere where the text node may be created, a CDATA section(s) could be produced instead. See the new Serializer::text_format() method.

Bug Fixes

• #912: Fix deserialization of numbers, booleans and characters that is space-wrapped, for example <int> 42 </int>. That space characters are usually indent added during serialization and other XML serialization libraries trims them

Misc Changes

• #901: Fix running tests on 32-bit architecture
• #909: Avoid some allocations in the Serializer

New Contributors

• @Ninja3047 made their first contribution in #904
• @alexanderkjall made their first contribution in #901

Full Changelog: v0.38.3...v0.38.4

What's Changed

Bug Fixes

• #895: Fix incorrect normalization of \rX EOL sequences where X is a char which is UTF-8 encoded as [c2 xx], except [c2 85].

Misc Changes

• #895: Add new xml10_content() and xml11_content() methods which behaves the same as html_content() and xml_content() methods, but express intention more clearly.

Full Changelog: v0.38.2...v0.38.3

What's Changed

New Features

• #893: Implement FusedIterator for NamespaceBindingsIter.
• #893: Make NamespaceResolver public.
• #893: Add NsReader::resolver() for access to namespace resolver.

Misc Changes

• #893: Rename PrefixIter to NamespaceBindingsIter.

New Contributors

• @decathorpe made their first contribution in #891

Full Changelog: v0.38.1...v0.38.2