xml:base bug in exclusive canonicalization

[Elliotte Harold <el...@metalab.unc.edu>]

This probably isn't a bug in XML-Security. However I suspect it's a 
problem with more recent versions of Xalan or Xerces or some such that 
affects XML-security. The same program that I wrote about in my earlier 
message generates output like the following when it's pulling in 
elements from external entities:

<doc>Data
<e 
xml:base="file:/Users/elharo/Projects/XOM/data/canonical/xmlconf/xmltest/valid/ext-sa/006.ent"></e>
More data
<e 
xml:base="file:/Users/elharo/Projects/XOM/data/canonical/xmlconf/xmltest/valid/ext-sa/006.ent"></e>
</doc>


The problem, obviously, are the extra xml:base attributes. The original 
document looked like this:


<doc>Data
<e 
xml:base="file:/Users/elharo/Projects/XOM/data/canonical/xmlconf/xmltest/valid/ext-sa/006.ent"></e>
More data
<e 
xml:base="file:/Users/elharo/Projects/XOM/data/canonical/xmlconf/xmltest/valid/ext-sa/006.ent"></e>
</doc>


006.ent was

Data
<e/>
More data
<e/>

I'm not sure what part of the tool chain is taking it upon itself to add 
the xml:base attributes. Probably Xerces.

I'd guess this is an issue with a specific version of Xerces. I ran this 
on Mac OS X with 1.4.2 using the Xerces Jar that's bundled with 
XML-Security 1.2. It's possible I'm not actually using that and instead 
picking up an earlier version bundled with the JDK, but I don't think 
so. However, if you can't reproduce this holler and I'll look more closely.


-- 
Elliotte Rusty Harold  elharo@metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim