Posted to dev@santuario.apache.org by bu...@apache.org on 2010/08/05 16:16:08 UTC
DO NOT REPLY [Bug 49710] New: exc-c14n damages namespaces of XML
https://issues.apache.org/bugzilla/show_bug.cgi?id=49710
Summary: exc-c14n damages namespaces of XML
Product: Security
Version: Java 1.4.2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Canonicalization
AssignedTo: security-dev@xml.apache.org
ReportedBy: aklitzing@gmail.com
The canonicalizer (java) with exc-c14n produces an invalid XML document here.
It removes a namespace from an attribute that is still used in that element. I
attach an example xsd and xml file.
If I canonicalize this xml file with exc-c14n it will remove the namespace
xmlns:xs="http://www.w3.org/2001/XMLSchema". So the attribute
ns:type="xs:string" won't be valid afterwards.
Even if I add the namespace to the root element (bla:document) it will be
removed.
Validated with xmllint --noout --schema example.xsd example.xml
Is this really correct for this canonicalization method to damage the xml file?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 49710] exc-c14n damages namespaces of XML
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49710
Scott Cantor <ca...@osu.edu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #5 from Scott Cantor <ca...@osu.edu> 2010-08-05 10:37:34 EDT ---
Your example is not a bug. Exclusive c14n does not handle namespace prefixes
found in QName content, including xsi:type attributes. If you have such cases,
you have to force inclusive mode using the InclusivePrefix list.
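The behaviour described in comment #5, as an added example that is not part of the thread or of Santuario's code: exclusive c14n only renders a namespace declaration where the prefix appears in an element or attribute name, so a prefix that occurs only inside an xsi:type value is left undeclared unless it is listed in the InclusiveNamespaces PrefixList. The check below walks a document and returns the prefixes that would have to go on that list. The sample document is constructed from the names quoted in the report, the function names are hypothetical, only prefixed xsi:type values are inspected, and prefixes are assumed not to be rebound to a different URI deeper in the tree.

```python
from xml.dom import minidom

XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
XMLNS_NS = "http://www.w3.org/2000/xmlns/"

# Constructed sample modelled on the report; the attachments are not reproduced here.
SAMPLE = """<bla:document xmlns:bla="http://test/1.0"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <bla:value xsi:type="xs:string">text</bla:value>
</bla:document>"""


def visibly_utilized(elem):
    """Prefixes exc-c14n counts as used on elem: its own name and its attribute names."""
    used = {elem.prefix or ""}
    for i in range(elem.attributes.length):
        attr = elem.attributes.item(i)
        # xmlns declarations are not "uses"; unprefixed attributes have no namespace.
        if attr.namespaceURI != XMLNS_NS and attr.prefix:
            used.add(attr.prefix)
    return used


def missing_qname_prefixes(xml_text, inclusive_prefixes=()):
    """Prefixes used only inside xsi:type values, which exc-c14n output leaves undeclared."""
    missing = set()

    def walk(elem, rendered):
        # A declaration rendered on an ancestor stays in scope for its descendants.
        rendered = rendered | visibly_utilized(elem)
        qname = elem.getAttributeNS(XSI_NS, "type")
        if ":" in qname:
            prefix = qname.split(":", 1)[0]
            if prefix not in rendered:
                missing.add(prefix)
        for child in elem.childNodes:
            if child.nodeType == child.ELEMENT_NODE:
                walk(child, rendered)

    walk(minidom.parseString(xml_text).documentElement, set(inclusive_prefixes))
    return sorted(missing)


if __name__ == "__main__":
    print(missing_qname_prefixes(SAMPLE))          # ['xs']
    print(missing_qname_prefixes(SAMPLE, ["xs"]))  # []
```

Running the check before signing, and passing its result as the PrefixList, keeps the signed form schema-valid; signer and verifier must use the same list or the digests will differ.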
Re: DO NOT REPLY [Bug 49710] New: exc-c14n damages namespaces of XML
Posted by Chad La Joie <la...@itumi.biz>.
Sean, Colm could you please hold off on doing any changes to the
Canonicalizers for a day or two. Those were the classes that most
heavily used the == so I have some local changes here that I'll be
submitting a patch for quite soon.
On 8/5/10 10:16 AM, bugzilla@apache.org wrote:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=49710
>
> Summary: exc-c14n damages namespaces of XML
> Product: Security
> Version: Java 1.4.2
> Platform: All
> OS/Version: All
> Status: NEW
> Severity: normal
> Priority: P2
> Component: Canonicalization
> AssignedTo: security-dev@xml.apache.org
> ReportedBy: aklitzing@gmail.com
>
>
> The canonicalizer (java) with exc-c14n produces an invalid XML document here.
> It removes a namespace from an attribute that is still used in that element. I
> attach an example xsd and xml file.
> If I canonicalize this xml file with exc-c14n it will remove the namespace
> xmlns:xs="http://www.w3.org/2001/XMLSchema". So the attribute
> ns:type="xs:string" won't be valid afterwards.
> Even if I add the namespace to the root element (bla:document) it will be
> removed.
>
> Validated with xmllint --noout --schema example.xsd example.xml
>
> Is this really correct for this canonicalization method to damage the xml file?
>
--
Chad La Joie
http://itumi.biz
trusted identities, delivered
DO NOT REPLY [Bug 49710] exc-c14n damages namespaces of XML
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49710
--- Comment #2 from AK <ak...@gmail.com> 2010-08-05 10:20:16 EDT ---
Created an attachment (id=25846)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25846)
XML File
DO NOT REPLY [Bug 49710] exc-c14n damages namespaces of XML
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49710
--- Comment #1 from AK <ak...@gmail.com> 2010-08-05 10:18:01 EDT ---
Created an attachment (id=25845)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25845)
XML Schema
DO NOT REPLY [Bug 49710] exc-c14n damages namespaces of XML
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49710
--- Comment #4 from AK <ak...@gmail.com> 2010-08-05 10:33:16 EDT ---
damaged.xml:4: element value: Schemas validity error : Element
'{http://test/1.0}value', attribute
'{http://www.w3.org/2001/XMLSchema-instance}type': The QName value 'xs:string'
has no corresponding namespace declaration in scope.
damaged.xml fails to validate
DO NOT REPLY [Bug 49710] exc-c14n damages namespaces of XML
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=49710
--- Comment #3 from AK <ak...@gmail.com> 2010-08-05 10:21:22 EDT ---
Created an attachment (id=25847)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25847)
XML File (after canonicalization - invalid in schema checking)