You are viewing a plain text version of this content. The canonical link for it is here.
Posted to j-users@xerces.apache.org by Rahul Srivastava <rs...@firstam.com> on 2003/04/15 12:27:50 UTC
RE: Can I stop SAX validation from resolving non-approved
namespaces?
Hi Andy,
When you use, external-schemalocation property, any XMLSchema referred from
within the XML instance is ignored and the schema specified using the
external-schemalocation property is considered, provided, the schema
referred and the schema supplied using property have the same
targetNamespace. Any other schema referred from within the instance, and not
supplied using the property would ofcourse be used.
See:
http://xml.apache.org/xerces2-j/properties.html#schema.external-schemaLocati
on
Cheers,
Rahul.
-----Original Message-----
From: Andy Taylor [mailto:andytaylormxmg@hotmail.com]
Sent: Tuesday, April 15, 2003 1:53 PM
To: xerces-j-user@xml.apache.org
Subject: Can I stop SAX validation from resolving non-approved namespaces?
Hi,
I'm writing a server-side application which allows users to upload XML
files via HTTP, then parses them and stores the data in a database. I'm
using the property
http://apache.org/xml/properties/schema/external-schemalocation to validate
their file against a specific version of my schema file to prevent users
from specifying their own modified version, and my SAX ContentHandler only
recognises elements defined in my schema.
Is there a way to prevent the SAX validation from recognising namespaces
apart from the one defined in my own schema and
http://www.w3.org/2001/XMLSchema-instance , as I presume this would create
additional network traffic and slow the system down, especially if the
validator is trying to validate against a schema/DTD stored on a server with
a slow connection. It would, I guess, be a way for people to attack the
system if they put their minds to it!
Many thanks,
Andy
----------------------------------------------------------------------------
--
--------------------------------------------------------------------- To
unsubscribe, e-mail: xerces-j-user-unsubscribe@xml.apache.org For additional
commands, e-mail: xerces-j-user-help@xml.apache.org