You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Elliotte Harold <el...@metalab.unc.edu> on 2005/02/03 00:09:15 UTC
xml:base bug in exclusive canonicalization
This probably isn't a bug in XML-Security. However I suspect it's a
problem with more recent versions of Xalan or Xerces or some such that
affects XML-security. The same program that I wrote about in my earlier
message generates output like the following when it's pulling in
elements from external entities:
<doc>Data
<e
xml:base="file:/Users/elharo/Projects/XOM/data/canonical/xmlconf/xmltest/valid/ext-sa/006.ent"></e>
More data
<e
xml:base="file:/Users/elharo/Projects/XOM/data/canonical/xmlconf/xmltest/valid/ext-sa/006.ent"></e>
</doc>
The problem, obviously, are the extra xml:base attributes. The original
document looked like this:
<doc>Data
<e
xml:base="file:/Users/elharo/Projects/XOM/data/canonical/xmlconf/xmltest/valid/ext-sa/006.ent"></e>
More data
<e
xml:base="file:/Users/elharo/Projects/XOM/data/canonical/xmlconf/xmltest/valid/ext-sa/006.ent"></e>
</doc>
006.ent was
Data
<e/>
More data
<e/>
I'm not sure what part of the tool chain is taking it upon itself to add
the xml:base attributes. Probably Xerces.
I'd guess this is an issue with a specific version of Xerces. I ran this
on Mac OS X with 1.4.2 using the Xerces Jar that's bundled with
XML-Security 1.2. It's possible I'm not actually using that and instead
picking up an earlier version bundled with the JDK, but I don't think
so. However, if you can't reproduce this holler and I'll look more closely.
--
Elliotte Rusty Harold elharo@metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim