santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chad La Joie <laj...@itumi.biz>
Subject Re: DO NOT REPLY [Bug 49710] New: exc-c14n damages namespaces of XML
Date Thu, 05 Aug 2010 14:30:04 GMT
Sean, Colm could you please hold off on doing any changes to the 
Canonicalizers for a day or two.  Those were the classes that most 
heavily used the == so I have some local changes here that I'll be 
submitting a patch for quite soon.

On 8/5/10 10:16 AM, bugzilla@apache.org wrote:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=49710
>
>             Summary: exc-c14n damages namespaces of XML
>             Product: Security
>             Version: Java 1.4.2
>            Platform: All
>          OS/Version: All
>              Status: NEW
>            Severity: normal
>            Priority: P2
>           Component: Canonicalization
>          AssignedTo: security-dev@xml.apache.org
>          ReportedBy: aklitzing@gmail.com
>
>
> The canonicalizer (java) with exc-c14n produces an invalid XML document here.
> It removes a namespace from an attribute that is still used in that element. It
> attach an example xsd and xml file.
> If I use canonicalize this xml file with exc-c14n it will remove the namespace
> xmlns:xs="http://www.w3.org/2001/XMLSchema". So the attribute
> ns:type="xs:string" won't be valid afterwards.
> Even if I add the namespace to the root element (bla:document) it will be
> removed.
>
> Validated with xmllint --noout --schema example.xsd example.xml
>
> Is this really correct for this canonicalization method to damage the xml file?
>

-- 
Chad La Joie
http://itumi.biz
trusted identities, delivered

Mime
View raw message