Some API should be unsafe

[max-ym]

Function borrowed_name (in quick_xml::events::BytesStart) as is stated in documentation - can be used to create BytesStart from a given name. But if you pass (by mistake or intentionally) attribute data in the string alongside with the name this function does not parse those attributes nor verify if actually passed data is a valid name. It will treat any kind of data as a name even if it is not valid! This can lead to hard to find bugs as it is possible to confuse fn borrowed_name with fn borrowed which seem to do similar things but lead to different internal state of BytesStart.

As this function accepts invalid data it should be marked unsafe. The documentation must be more specific about how to use this function and how not. For example, it must be stated that this function does not verify passed data and if user intents to pass attributes too he/she should use fn borrowed.

[dralley]

borrowed_name() doesn't exist anymore (in the current unreleased master branch)

[Mingun]

I don't think that this is done. Yes, the borrowed_name identifier does not exist anymore, but we still have a functions, that should be unsafe in order to not break invariants, like

quick-xml/src/events/mod.rs

Lines 158 to 171 in ad57bc2

	/// Creates a new `BytesStart` from the given content (name + attributes).
	///
	/// # Warning
	///
	/// `&content[..name_len]` must be a valid name, and the remainder of `content`
	/// must be correctly-formed attributes. Neither are checked, it is possible
	/// to generate invalid XML if `content` or `name_len` are incorrect.
	#[inline]
	pub fn from_content<C: Into<Cow<'a, str>>>(content: C, name_len: usize) -> Self {
	BytesStart {
	buf: str_cow_to_bytes(content),
	name_len,
	}
	}