xml2json doesn't check if input XML is well-formed

[giulioturetta]

Calling xml2json method
curl -X POST --data-binary "$XML_INLINE" https://services.phaidra.univie.ac.at/api/rights/xml2json
where XML_INLINE content is a malformed XML (missing '<' in uwr:allow> tag)
<uwr:rights xmlns:uwr="http://phaidra.univie.ac.at/XML/V1.0/rights"> uwr:allow> <uwr:username expires="2017-04-06T09:11:51Z">hudakr4</uwr:username> <uwr:faculty>A0</uwr:faculty> <uwr:gruppe>3111</uwr:gruppe> <uwr:spl>21</uwr:spl> <uwr:perfunk>8129</uwr:perfunk> <uwr:gruppe>3112</uwr:gruppe> </uwr:allow> </uwr:rights>
fails silently.

Calling the same xml2json method with a slightly different malformed XML (truncated </uwr:user tag)
<uwr:rights xmlns:uwr="http://phaidra.univie.ac.at/XML/V1.0/rights"> <uwr:allow> <uwr:username expires="2017-04-06T09:11:51Z">hudakr4</uwr:user <uwr:faculty>A0</uwr:faculty> <uwr:gruppe>3111</uwr:gruppe> <uwr:spl>21</uwr:spl> <uwr:perfunk>8129</uwr:perfunk> <uwr:gruppe>3112</uwr:gruppe> </uwr:allow> </uwr:rights>
returns
{"metadata":{"alerts":[],"rights":{"username":[{"expires":"2017-04-06T09:11:51Z","value":"hudakr4<\/uwr:user\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t"}]}}}

It seems Mojo:DOM doesn't check if input XML is well-formed while parsing.

Expected behaviour
Check if input XML is well-formed before interpreting it.

[giulioturetta]

Addendum: Mojo::DOM documentation https://mojolicious.org/perldoc/Mojo/DOM#DESCRIPTION states that "[Mojo::DOM] will even try to interpret broken HTML and XML, so you should not use it for validation."