Re: [xml] xmlParseFile fails on xCBL 4.0 document



I am not sure*why* c14n code executed for xmlParseFile function. But
assuming that there is a legitimate reason for this (i.e. there is another
function call) ...


C14N specification require absolute namespace URIs. Probably it is better
to do the check for known URI schemes (e.g. "http", "https", "ftp", "file")
instead of exluding few ("urn", "dav", "rrn") though it goes against usual
security practice to (exclude what you know is good vs. catch what you
know is bad).

Unfortunately, I am on vacation and will not be able to make this change till
January. You can either wait or create a patch yourself and send it to this
mailing list.


Aleksey





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]