Re: [xml] 2.9.3 exhibits strange behaviour when given external entity files

On Tue, Feb 09, 2016 at 04:22:29PM +0100, Stefan Knorr wrote:
Hi all,

I wanted to discuss this on the ML because I am not sure if this is a
bug only on my distribution (openSUSE) or if this really comes from

I have this file "dummy.xml":
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE example PUBLIC "example" ""; [
<!ENTITY % myentities SYSTEM "entities.ent"> %myentities;

and an entities file, "entities.ent":
<!ENTITY entity "entity">

Then I run
$ xmllint dummy.xml

For some reason, xmllint now throws away "%myentities;". I also
noticed that it does not seem to care about the name of the entity file
referenced in the XML. If I try to reference &entity; from
the XML, xmllint will complain about a missing definition.

What do you say?



  libxml2 does not fetch external entities unless asked for since
it is a security hazard, unless you trust the source. This has been the
default for some time. See xmllint flags like --valid --noent or --loaddtd
if you want to activate this.


Daniel Veillard      | Open Source and Standards, Red Hat
veillard redhat com  | libxml Gnome XML XSLT toolkit | virtualization library

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]