marxml 0.1.0

Fast markdown + XML query and mutation. Rust core for the marxml ecosystem.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249

//! Token stream → element tree.
//!
//! Stack-based assembler. Same-tag nesting (`<a><a/></a>`) is supported —
//! every `Open` pushes onto the stack and every `Close` pops, with name-match
//! enforcement.
//!
//! Duplicate `id` detection is scoped to siblings under the same parent.
//! `<a><task id="1"/></a><b><task id="1"/></b>` is accepted because the two
//! `task` elements live in different parents; only repeats within the same
//! parent's children are rejected.

use std::collections::{HashMap, HashSet};

use crate::error::ParseError;
use crate::tokenizer::{tokenize, Token, TokenStream};
use crate::types::{ElementData, SourcePosition, SourceSpan};
use crate::Markdown;

/// Maximum depth of element nesting accepted by the parser.
///
/// Adversarial documents with thousands of nested tags would otherwise let
/// recursive tree walks (validation, serialization, selector matching) blow
/// the stack. The limit is intentionally generous for hand-authored markdown
/// while staying well below the default Rust stack size.
pub const MAX_DEPTH: u32 = 1024;

/// Maximum byte length of input accepted by the parser.
///
/// Source positions are stored as `u32` for compact element storage; inputs
/// larger than this cannot have their offsets tracked accurately and are
/// rejected up front rather than silently producing wrong spans.
///
/// The bound is `u32::MAX - 1` (not `u32::MAX`) so the worst-case line
/// counter `1 + count('\n')` is always ≤ `u32::MAX`. With the tighter cap
/// the line bump can use `saturating_add` for safety without ever actually
/// saturating on a well-formed input.
pub const MAX_INPUT_BYTES: usize = u32::MAX as usize - 1;

/// Parse a full markdown+XML document.
///
/// # Errors
///
/// Returns [`ParseError`] on malformed tags, unmatched close tags, unclosed
/// tags, duplicate sibling `id` attributes within the same parent and tag
/// name, nesting deeper than [`MAX_DEPTH`], or inputs larger than
/// [`MAX_INPUT_BYTES`].
pub fn parse(input: &str) -> Result<Markdown, ParseError> {
    parse_owned(input.to_string())
}

/// Parse a fragment.
///
/// Currently identical to [`parse`]. Kept as a separate entry point so a
/// future divergence (e.g. doctype rejection on `parse_fragment`) can land
/// without a breaking rename.
///
/// # Errors
///
/// See [`parse`].
pub fn parse_fragment(input: &str) -> Result<Markdown, ParseError> {
    parse(input)
}

/// Parse a document, moving in the owned source string instead of cloning
/// it. Use this when you already own a `String` and want to avoid the
/// allocation that [`parse`] would do internally.
///
/// # Errors
///
/// See [`parse`].
pub fn parse_owned(input: String) -> Result<Markdown, ParseError> {
    if input.len() > MAX_INPUT_BYTES {
        return Err(ParseError::InputTooLarge {
            size: input.len() as u64,
            max: MAX_INPUT_BYTES as u64,
        });
    }
    let stream = tokenize(&input)?;
    assemble(input, stream)
}

/// Per-scope duplicate-id tracking: `tag -> set of ids seen at this scope`.
type IdScope = HashMap<String, HashSet<String>>;

struct Frame {
    name: String,
    attrs: Vec<(String, String)>,
    body_start: usize,
    span_start: SourcePosition,
    children: Vec<ElementData>,
    /// Sibling-scoped duplicate-id tracker for the children of this frame.
    /// Lazily allocated — only created when an id-bearing child appears.
    seen_ids: Option<IdScope>,
}

fn assemble(input: String, stream: TokenStream) -> Result<Markdown, ParseError> {
    let TokenStream { tokens, trivia } = stream;
    let mut stack: Vec<Frame> = Vec::new();
    let mut roots: Vec<ElementData> = Vec::new();
    let mut root_seen: Option<IdScope> = None;

    for token in tokens {
        match token {
            Token::Open {
                name,
                attrs,
                span,
                body_start,
            } => {
                if stack.len() >= MAX_DEPTH as usize {
                    return Err(ParseError::MaxDepthExceeded {
                        tag: name,
                        max: MAX_DEPTH,
                        line: span.start.line,
                    });
                }
                stack.push(Frame {
                    name,
                    attrs,
                    body_start,
                    span_start: span.start,
                    children: Vec::new(),
                    seen_ids: None,
                });
            }

            Token::SelfClose { name, attrs, span } => {
                // The self-close is a leaf, so total tree depth at this node
                // equals the open-frame stack + 1. Enforce that the tree
                // depth never exceeds MAX_DEPTH (so downstream recursive
                // walkers see the same bound as the parser advertises).
                if stack.len() >= MAX_DEPTH as usize {
                    return Err(ParseError::MaxDepthExceeded {
                        tag: name,
                        max: MAX_DEPTH,
                        line: span.start.line,
                    });
                }
                let scope = current_scope(&mut stack, &mut root_seen);
                check_duplicate_id(&name, &attrs, span.start.line, scope)?;
                let empty_pos = span.end.offset_usize();
                let elem = ElementData {
                    tag: name,
                    attrs,
                    content_range: empty_pos..empty_pos,
                    children: Vec::new(),
                    span,
                    self_closing: true,
                };
                push_element(elem, &mut stack, &mut roots);
            }

            Token::Close {
                name,
                span,
                body_end,
            } => {
                // let-else lets the error path move `name` directly instead
                // of cloning to satisfy the `ok_or_else` closure.
                let Some(frame) = stack.pop() else {
                    return Err(ParseError::StrayClose {
                        tag: name,
                        line: span.start.line,
                    });
                };
                if frame.name != name {
                    return Err(ParseError::MismatchedClose {
                        found: name,
                        expected: frame.name,
                        line: span.start.line,
                    });
                }
                let scope = current_scope(&mut stack, &mut root_seen);
                check_duplicate_id(&frame.name, &frame.attrs, frame.span_start.line, scope)?;
                let full_span = SourceSpan {
                    start: frame.span_start,
                    end: span.end,
                };
                let elem = ElementData {
                    tag: frame.name,
                    attrs: frame.attrs,
                    content_range: frame.body_start..body_end,
                    children: frame.children,
                    span: full_span,
                    self_closing: false,
                };
                push_element(elem, &mut stack, &mut roots);
            }
        }
    }

    if let Some(unclosed) = stack.pop() {
        return Err(ParseError::UnclosedTag {
            tag: unclosed.name,
            line: unclosed.span_start.line,
        });
    }

    Ok(Markdown::from_parts(input, roots, trivia))
}

fn push_element(elem: ElementData, stack: &mut [Frame], roots: &mut Vec<ElementData>) {
    if let Some(top) = stack.last_mut() {
        top.children.push(elem);
    } else {
        roots.push(elem);
    }
}

/// The duplicate-id scope for the element currently being finalized — the
/// children-list of the enclosing frame, or the root scope when there is none.
fn current_scope<'a>(
    stack: &'a mut [Frame],
    root: &'a mut Option<IdScope>,
) -> &'a mut Option<IdScope> {
    if let Some(top) = stack.last_mut() {
        &mut top.seen_ids
    } else {
        root
    }
}

fn check_duplicate_id(
    tag: &str,
    attrs: &[(String, String)],
    line: u32,
    seen: &mut Option<IdScope>,
) -> Result<(), ParseError> {
    let Some(id) = attrs
        .iter()
        .find(|(k, _)| k == "id")
        .map(|(_, v)| v.as_str())
    else {
        return Ok(());
    };
    let scope = seen.get_or_insert_with(HashMap::new);
    if !scope
        .entry(tag.to_string())
        .or_default()
        .insert(id.to_string())
    {
        return Err(ParseError::DuplicateId {
            tag: tag.to_string(),
            id: id.to_string(),
            line,
        });
    }
    Ok(())
}