santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 44983] New: XSLT transformation should not be canonicalized
Date Tue, 13 May 2008 07:15:17 GMT

           Summary: XSLT transformation should not be canonicalized
           Product: Security
           Version: cvs
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: C++ Canonicalization

After XSLT transformation, xml security canonicalize it. This is wrong
according to standard. User should manually append c14n transfomation.

>From standard:
The output of this transform is an octet stream. The processing rules for the
XSL style sheet or transform element are stated in the XSLT specification
[XSLT]. We RECOMMEND that XSLT transform authors use an output method of xml
for XML and HTML. As XSLT implementations do not produce consistent
serializations of their output, we further RECOMMEND inserting a transform
after the XSLT transform to canonicalize the output. These steps will help to
ensure interoperability of the resulting signatures among applications that
support the XSLT transform. Note that if the output is actually HTML, then the
result of these steps is logically equivalent [XHTML].

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

View raw message