Test xs:string for valid characters according to the XML 1.1 specifications

Author: tvdijen

src/XML/Assert/StringTrait.php

@@ -4,6 +4,8 @@
 
 namespace SimpleSAML\XML\Assert;
 
+use SimpleSAML\XMLSchema\Exception\SchemaViolationException;
+
 /**
  * @package simplesamlphp/xml-common
  */
@@ -15,5 +17,10 @@ trait StringTrait
      */
     protected static function validString(string $value, string $message = ''): void
     {
+        Assert::regex(
+            $value,
+            '/^[\x09\x0A\x0D\x20-\xD7FF\xE000-\xFFFD\x{10000}-\x{10FFFF}]*$/u',
+            SchemaViolationException::class,
+        );
     }
 }

src/XMLSchema/Type/StringValue.php

@@ -4,6 +4,8 @@
 
 namespace SimpleSAML\XMLSchema\Type;
 
+use SimpleSAML\XML\Assert\Assert;
+use SimpleSAML\XMLSchema\Exception\SchemaViolationException;
 use SimpleSAML\XMLSchema\Type\Interface\AbstractAnySimpleType;
 
 /**
@@ -12,4 +14,16 @@
 class StringValue extends AbstractAnySimpleType
 {
     public const string SCHEMA_TYPE = 'string';
+
+
+    /**
+     * Validate the value.
+     *
+     * @param string $value
+     * @throws \SimpleSAML\XMLSchema\Exception\SchemaViolationException on failure
+     */
+    protected function validateValue(string $value): void
+    {
+        Assert::validString($value, SchemaViolationException::class);
+    }
 }

tests/XML/Assert/StringTest.php

@@ -10,6 +10,8 @@
 use SimpleSAML\Assert\AssertionFailedException;
 use SimpleSAML\XML\Assert\Assert;
 
+use function chr;
+
 /**
  * Class \SimpleSAML\Test\XML\Assert\StringTest
  *
@@ -42,6 +44,8 @@ public static function provideString(): array
         return [
             'preserve spaces' => [true, '  Snoopy  '],
             'replace whitespace' => [true, "  Snoopy\t\n\rrulez  "],
+            'html' => [true, "<em>SimpleSAMLphp</em>"],
+            'invalid character' => [false, "Valid text with " . chr(0) . " invalid null byte"],
         ];
     }
 }