diff --git a/js/src/jsopcode.c b/js/src/jsopcode.c
index 67c608dcc518..ffbea4fe8425 100644
--- a/js/src/jsopcode.c
+++ b/js/src/jsopcode.c
@@ -3256,8 +3256,9 @@ Decompile(SprintStack *ss, jsbytecode *pc, intN nb)
                     return JS_FALSE;
                 todo = SprintPut(&ss->sprinter, "<?", 2);
                 ok = QuoteString(&ss->sprinter, ATOM_TO_STRING(atom), 0) &&
-                     SprintPut(&ss->sprinter, " ", 1) >= 0 &&
-                     SprintCString(&ss->sprinter, rval);
+                     (*rval == '\0' ||
+                      (SprintPut(&ss->sprinter, " ", 1) >= 0 &&
+                       SprintCString(&ss->sprinter, rval)));
                 JS_free(cx, (char *)rval);
                 if (!ok)
                     return JS_FALSE;
diff --git a/js/src/jsscan.c b/js/src/jsscan.c
index d7711fc2f768..3d2ee0a25a65 100644
--- a/js/src/jsscan.c
+++ b/js/src/jsscan.c
@@ -1697,19 +1697,21 @@ retry:
                     }
                     ADD_TO_TOKENBUF(c);
                 }
+                if (targetLength == 0)
+                    goto bad_xml_markup;
+                if (!TOKENBUF_OK())
+                    goto error;
                 if (contentIndex < 0) {
                     atom = cx->runtime->atomState.emptyAtom;
                 } else {
-                    if (!TOKENBUF_OK())
-                        goto error;
                     atom = js_AtomizeChars(cx,
                                            &TOKENBUF_CHAR(contentIndex),
                                            TOKENBUF_LENGTH() - contentIndex,
                                            0);
                     if (!atom)
                         goto error;
-                    TRIM_TOKENBUF(targetLength);
                 }
+                TRIM_TOKENBUF(targetLength);
                 tp->t_atom2 = atom;
                 tt = TOK_XMLPI;