You are viewing a plain text version of this content. The canonical link for it is here.

Posted to j-dev@xerces.apache.org by ji...@apache.org on 2004/04/23 19:37:53 UTC

[jira] Closed: (XERCESJ-737) Some invalid IDREFS, ENTITIES, and NMTOKENS attributes not reported during valdiation.

Message:

   The following issue has been closed.

   Resolver: Michael Glavassevich
       Date: Fri, 23 Apr 2004 10:37 AM

Closed.

---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/XERCESJ-737

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: XERCESJ-737
    Summary: Some invalid IDREFS, ENTITIES, and NMTOKENS attributes not reported during valdiation.
       Type: Bug

     Status: Closed
 Resolution: FIXED

    Project: Xerces2-J
 Components: 
             DTD
   Versions:
             2.4.0

   Assignee: Michael Glavassevich
   Reporter: Michael Glavassevich

    Created: Fri, 30 May 2003 5:33 PM
    Updated: Fri, 23 Apr 2004 10:37 AM
Environment: Operating System: All
Platform: All

Description:
The DTD validator does not report some invalid IDREFS, ENTITIES, and NMTOKENS. 
The problem is in ListDatatypeValidator. It allows the following to slip 
through:

1) Attributes of those types containing the character reference &#x0C. This 
reference is legal in XML 1.1, and by default StringTokenizer uses 0x0C as one 
of its delimiters. Form feed (0x0C) isn't even XML white space.

2) Attributes of those types which have leading or trailing whitespace chars 
after normalization, which you can get if you specify an attribute value with 
char references to 0x09, 0x0A, and 0x0D.

3) Attributes of those types which don't meet changes to the Names and Nmtokens 
production, as stated in E20 of the XML 1.0 SE Errata 
(http://www.w3.org/XML/xml-V10-2e-errata#E20).

In summary, IDREFS, ENTITIES, and NMTOKENS before attribute normalization 
cannot contain references to whitespace characters other than 0x20, in order 
for them to meet the Names and Nmtokens productions after normalization.


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: xerces-j-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xerces-j-dev-help@xml.apache.org