Test xs:string for valid characters according to the XML 1.1 specifications

Author: tvdijen

src/XML/Assert/StringTrait.php

@@ -4,16 +4,51 @@
 
 namespace SimpleSAML\XML\Assert;
 
+use SimpleSAML\XMLSchema\Exception\SchemaViolationException;
+
 /**
  * @package simplesamlphp/xml-common
  */
 trait StringTrait
 {
+    private static string $string_regex = '/^
+        [
+            \x09
+            \x0A
+            \x0D
+            \x{20}-\x{7E}
+            \x{85}
+            \x{A0}-\x{D7FF}
+            \x{E000}-\x{FDCF}
+            \x{FDF0}-\x{FFFD}
+            \x{10000}-\x{1FFFD}
+            \x{20000}-\x{2FFFD}
+            \x{30000}-\x{3FFFD}
+            \x{40000}-\x{4FFFD}
+            \x{50000}-\x{5FFFD}
+            \x{60000}-\x{6FFFD}
+            \x{70000}-\x{7FFFD}
+            \x{80000}-\x{8FFFD}
+            \x{90000}-\x{9FFFD}
+            \x{A0000}-\x{AFFFD}
+            \x{B0000}-\x{BFFFD}
+            \x{C0000}-\x{CFFFD}
+            \x{D0000}-\x{DFFFD}
+            \x{E0000}-\x{EFFFD}
+            \x{F0000}-\x{FFFFD}
+            \x{100000}-\x{10FFFD}
+        ]*$/Dxu';
+
     /**
      * @param string $value
      * @param string $message
      */
     protected static function validString(string $value, string $message = ''): void
     {
+        Assert::regex(
+            $value,
+            self::$string_regex,
+            SchemaViolationException::class,
+        );
     }
 }

src/XMLSchema/Type/StringValue.php

@@ -4,6 +4,8 @@
 
 namespace SimpleSAML\XMLSchema\Type;
 
+use SimpleSAML\XML\Assert\Assert;
+use SimpleSAML\XMLSchema\Exception\SchemaViolationException;
 use SimpleSAML\XMLSchema\Type\Interface\AbstractAnySimpleType;
 
 /**
@@ -12,4 +14,16 @@
 class StringValue extends AbstractAnySimpleType
 {
     public const string SCHEMA_TYPE = 'string';
+
+
+    /**
+     * Validate the value.
+     *
+     * @param string $value
+     * @throws \SimpleSAML\XMLSchema\Exception\SchemaViolationException on failure
+     */
+    protected function validateValue(string $value): void
+    {
+        Assert::validString($value, SchemaViolationException::class);
+    }
 }

tests/XML/Assert/StringTest.php

@@ -9,6 +9,9 @@
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\Assert\AssertionFailedException;
 use SimpleSAML\XML\Assert\Assert;
+use SimpleSAML\XMLSchema\Exception\SchemaViolationException;
+
+use function chr;
 
 /**
  * Class \SimpleSAML\Test\XML\Assert\StringTest
@@ -28,7 +31,7 @@ public function testString(bool $shouldPass, string $str): void
         try {
             Assert::validString($str);
             $this->assertTrue($shouldPass);
-        } catch (AssertionFailedException $e) {
+        } catch (AssertionFailedException|SchemaViolationException $e) {
             $this->assertFalse($shouldPass);
         }
     }
@@ -42,6 +45,9 @@ public static function provideString(): array
         return [
             'preserve spaces' => [true, '  Snoopy  '],
             'replace whitespace' => [true, "  Snoopy\t\n\rrulez  "],
+            'html' => [true, "<em>SimpleSAMLphp</em>"],
+            'unicode' => [true, 'ünïcöde €Φ汉'],
+            'invalid character' => [false, "Valid text with " . chr(0) . " invalid null byte"],
         ];
     }
 }