by nimish 2016 days ago
`encoding/xml` has had broken handling of namespaces for a long time. It’s possible to hack it on but the only reasonable choice is to use a libxml2 binding which also gets you canonicalization, another can of worms.

Unsurprised it can cause security issues, especially in XML-DSig which is a nightmare to handle correctly.

1 comments

Yup, I think it becomes very quickly obvious when using `encoding/xml` with XMLs that have multiple namespaces that the handling is incomplete. Hard to believe such an XML could even survive one roundtrip. It's also documented that the implementation is incomplete:

Mapping between XML elements and data structures is inherently flawed ... See package json for a textual representation more suitable to data structures.
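Added example, not part of the thread or of any project's code: a token-level round trip through `encoding/xml` that shows the namespace prefix being rewritten, plus a byte-for-byte stability check a verifier could run before trusting a parsed document. The names `sample`, `roundTrip` and `stable` are hypothetical, and the input document is constructed.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

// Constructed sample: a single prefixed namespace, nothing exotic.
const sample = `<a:foo xmlns:a="urn:a"><a:bar>x</a:bar></a:foo>`

// roundTrip decodes doc token by token and re-encodes every token unchanged.
func roundTrip(doc string) (string, error) {
	dec := xml.NewDecoder(strings.NewReader(doc))
	var buf bytes.Buffer
	enc := xml.NewEncoder(&buf)
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			break
		}
		if err != nil {
			return "", err
		}
		if err := enc.EncodeToken(tok); err != nil {
			return "", err
		}
	}
	if err := enc.Flush(); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// stable reports whether doc survives one round trip byte for byte.
// Anything that fails this check means the encoder's view of the document
// differs from the bytes that were signed or received.
func stable(doc string) bool {
	out, err := roundTrip(doc)
	return err == nil && out == doc
}

func main() {
	out, err := roundTrip(sample)
	fmt.Println("in:    ", sample)
	fmt.Println("out:   ", out, err)
	fmt.Println("stable:", stable(sample))
}
```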