Re: [xml] 2.9.3 exhibits strange behaviour when given external entity files

From: Daniel Veillard <veillard redhat com>
To: Stefan Knorr <sknorr suse de>
Cc: xml gnome org
Subject: Re: [xml] 2.9.3 exhibits strange behaviour when given external entity files
Date: Thu, 18 Feb 2016 12:06:48 +0100

On Tue, Feb 09, 2016 at 04:22:29PM +0100, Stefan Knorr wrote:

Hi all,

I wanted to discuss this on the ML because I am not sure if this is a
bug only on my distribution (openSUSE) or if this really comes from
upstream...

I have this file "dummy.xml":
----
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE example PUBLIC "example" "http://example.org"; [
<!ENTITY % myentities SYSTEM "entities.ent"> %myentities;
]>
<example>
 <title>Test</title>
</example>
----

and an entities file, "entities.ent":
----
<!ENTITY entity "entity">
----

Then I run
$ xmllint dummy.xml

For some reason, xmllint now throws away "%myentities;". I also
noticed that it does not seem to care about the name of the entity file
referenced in the XML. If I try to reference &entity; from
the XML, xmllint will complain about a missing definition.

What do you say?


Regards,

Stefan.


  libxml2 does not fetch external entities unless asked for since
it is a security hazard, unless you trust the source. This has been the
default for some time. See xmllint flags like --valid --noent or --loaddtd
if you want to activate this.

Daniel

-- 
Daniel Veillard      | Open Source and Standards, Red Hat
veillard redhat com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/

Follow-Ups:
- Re: [xml] 2.9.3 exhibits strange behaviour when given external entity files
  - From: Stefan Knorr

References:
- [xml] 2.9.3 exhibits strange behaviour when given external entity files
  - From: Stefan Knorr

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]