People do attack XML parsing (as well as any other input),
the encryption on the wire doesn't stop a malicious client
from crafting special input and sending it to the server.
I did a cursory look at the code and I believe Nick is correct
that the function in question is never called with a
k for in Reader or Writer?
>
> Mikhail
>
> On Sun, Jan 28, 2018 at 10:02 PM, Aleksey Sanin <alek...@aleksey.com
> <mailto:alek...@aleksey.com>> wrote:
>
> I am not sure what is the suggest algorithm to "rewrite namespace
> prefixes". Regardless, th
I am not sure what is the suggest algorithm to "rewrite namespace
prefixes". Regardless, this is not part of C14N spec and something
you will have to do yourself.
Aleksey
On 1/28/18 3:19 AM, Mikhail Goloborodko wrote:
> Hi All,
>
> I will appreciate if somebody could help on how to normalize
be different, even
if document saved on disk would be the same.
But ok, I will fix it in my code
Thanks a lot,
Frank
Le 20/03/2014 15:04, Aleksey Sanin a écrit :
The tradeoff here is speed. Again, if you are using standard LibXML2
API then everything will work as expected. I have no idea why do
comparison because
depending on how people build and manipulate the document, the test is
not always accurate.
Frank
Le 20/03/2014 03:16, Aleksey Sanin a écrit :
How do you manipulate the XML tree? If you are using official LibXML2
function then I believe this code should work just
How do you manipulate the XML tree? If you are using official LibXML2
function then I believe this code should work just fine unless there is
a bug in the strings dictionary.
Aleksey
On 3/12/14, 10:28 AM, Frank Gross wrote:
Hi,
I'm getting some trouble to verify a XML signature because the
Take a look at xmlC14NIsVisibleCallback
Aleksey
On 3/11/2010 9:21 AM, Tejus A G wrote:
Hi All,
I have 2 queries w.r.t libxml2 API/usage.
1. I am trying to C14N transform a sub-tree of a XML document. Is there
any simple way to do this ? [I tried XPath but I couldn't find a query
to get the
I am sure you know about __attribute__ ((deprecated)) :)
Aleksey
On 1/19/2010 7:47 AM, Daniel Veillard wrote:
On Tue, Jan 19, 2010 at 04:38:24PM +0100, Martin B. wrote:
Daniel Veillard wrote:
Best thing would be if xmlCleanupParser() would be removed completely, no?
That is impossible,
thanks for the patch, sorry for the delay, I was really focused
on work stuff :-\
No worries, I know how it works :)
I don't know if this is nasty or not, but git decided to remove some
white spaces, which I'm afraid may change the output of the test, so
please double check... I also got a
few more places where my original patch changed
the ABI (int - enum). Please find attached a patch that fixes
these places and also adds a check that int is actually enum :)
Thanks again for your help!
Aleksey
From 5bd0ec467b4bf6f5ea33ec445feb7db95dca3ef6 Mon Sep 17 00:00:00 2001
From: Aleksey
Thanks for committing it!
Aleksey
Daniel Veillard wrote:
On Thu, Jul 09, 2009 at 08:42:12AM -0700, Aleksey Sanin wrote:
I commited the result, I guess it should be very close to what you had
in your tree, but like you I'm learning git so please double check the
code in git is actually what
it into the gnome git
repository (note, that there are some new files/folders added
for the new test cases).
Thank you in advance,
Aleksey Sanin
c14n11.diff.gz
Description: GNU Zip compressed data
___
xml mailing list, project page http://xmlsoft.org/
xml
Please ignore the previous patch, it is incomplete. This is the
correct one.
Sorry, still learning git :)
Aleksey
Aleksey Sanin wrote:
Daniel,
Please find attached a patch that adds support for the new
version of c14n (http://www.w3.org/TR/xml-c14n11/). I am
getting questions about
And one more patch that adds extra test vectors and speeds up
code a little bit.
Aleksey
Aleksey Sanin wrote:
Please ignore the previous patch, it is incomplete. This is the
correct one.
Sorry, still learning git :)
Aleksey
Aleksey Sanin wrote:
Daniel,
Please find attached a patch
Look at testC14N.c for a c14n example.
Aleksey
Prashant R wrote:
I have a requirement, where I would not want to have the entire xml data
in memory and preferably writing out canonicalized XML to IO .
I had a few questions to understand this better
I was planning on doing the following
How Do I add the pNode and all its sub-nodes to the NodeSet ( without
using xpath ! )
xmlXPathNodeSetCreate(pNode) seems to add only 1 Node to the node set
and not the child nodes
By manually walking the subtree?
Aleksey
___
xml mailing list,
Yes.
Aleksey
Arne Müller wrote:
just that I get this right:
The namespace nodes of a node are not just the namespaces declared at
that node, but all namespaces that are known at that node? Is that correct?
thanks for your help,
Arne
2008/8/27 Aleksey Sanin [EMAIL PROTECTED] mailto:[EMAIL
Sonntag, den 24.08.2008, 21:21 -0700 schrieb Aleksey Sanin:
Hi, Arne!
Sorry, but as I have replied in xmlsec mailing list, I believe
that libxml2 is doing the right thing here.
Aleksey
Hi Aleksey,
you might be perfectly right with adding one empty namespace.
But I think one thing is buggy non
Hi, Arne!
Sorry, but as I have replied in xmlsec mailing list, I believe
that libxml2 is doing the right thing here.
Aleksey
Arne Mueller wrote:
Hello,
I've filed the following bug-report, but Daniel Veillard told me, that
it'll be best to post on the mailing list and check with Aleksey. So
Sorry for delay with the reply. I just got back from vacation...
Your xpath is incorrect, try to use ancestor-or-self::ns1:Operation
instead.
Best,
Aleksey
Andrew Hartley wrote:
Hi,
Really sorry to have bothered you with this. I should have spotted that
the XML file from which I was
Can you write an example showing the use then, I'm a bit lost I admit :-)
Sure :) This is pretty long one but
xmlTextReaderPtr XmlReaderContext::CreateTextReader(
xmlParserInputBufferPtr input_buffer,
const string uri)
{
assert(input_buffer);
But if really you think xmlReaderForIO() ain't proper, then go ahead.
My experience is that xmlParserInputBufferPtr is
complex and will confuse users :-)
I though about that :) The reason I decided to use
xmlParserInputBufferPtr is that I can get free
objects for parsing from memory, files,
I have a tiny patch that exports xmlTextReaderSetup()
function. I need it for chaining xmlParserInputBuffers
(in-place compression + encryption + ...). W/o this
function, xmlNewTextReader() function is pretty much
useless ;)
Is it OK to check it in CVS?
Thanks,
Aleksey
diff -ur
I think this one was already reported:
http://mail.gnome.org/archives/xml/2006-October/msg00123.html
and fixed in CVS the day after 2.6.27 was released :-).
Oh, thanks! Sorry, I did not have time to look at the cvs today.
Aleksey
___
xml
This callback can be used to do canonicalization in more complex
case when constructing the nodeset can be very expensive. For example,
you can take a look at how it is used inside xmlsec library:
http://www.aleksey.com/xmlsec
Aleksey
pmd wrote:
Thank you for the quick response.
I'm trying
were supplied.
I am trying to understand why - what seems to be the
correct behavior (in my opinion) -- maybe I don't understand the c14n
spec --
does not happen, and if, using schemas, there is a way to
get it to happen.
Thanks,
Rick
Aleksey Sanin wrote:
Is there some other way
access to schema data from xml parser
(at least, for my limited knowledge of this code).
I can suggest a workaround though... You can parse
xml file, then *manually* add default attributes from
the schema and then call C14N. Not the best option
but it should work
Aleksey
Aleksey Sanin wrote:
Yes
... but I still couldn't figure out what data should I assign
for void * user_data actually.
void * user_data is ... user data. You can use this parameter
to pass around the context to the callback function. Libxml2
does nothing with this data, just passes it to your callback.
Aleksey
Anyway, the 'extra' empty default namespace generated on
CanonicalizationMethod by LibXML2
mentioned in my first mail violates the
http://www.w3.org/TR/xml-exc-c14n/ if my understanding of that spec is
correct.
Yes, you are correct. There is a bug in libxml2 c14n module.
I appologize for
According to C14N specification, it is responsible for doing
these replacements
The XML processor performs the following tasks in order:
1. normalize line feeds
2. normalize attribute values
3. replace CDATA sections with their character content
4. resolve character and parsed
Ops, sorry. Let me take it back. It is not about gcc but about
me not able to distinguish HTTP and HTML words :(
Sorry,
Aleksey
Aleksey Sanin wrote:
I have a small patch (attached) to make gcc 2.96 happy (don't ask
me why it did not like the original code). I hope nobody would mind
if I check
Fixes testapi.c compilation with --enable-html --disable-http options.
Aleksey
--- testapi.c.orig Sat Apr 2 00:44:00 2005
+++ testapi.c Tue Jun 28 06:14:28 2005
@@ -675,6 +675,9 @@
xmlNanoHTTPClose(val);
}
}
+static void desret_xmlNanoHTTPCtxtPtr(void *val) {
+
The attached patch special cases DAV: namespace in c14n's
relative namespaces check and replaces #ifdef DEBUG_C14N/#endif
with structured error messages as you described bellow. Please
take a look and let me know if I can check it in or need to
do something.
Aleksey
Aleksey Sanin wrote:
Sounds
The most likely reason for c14n failure in your case is
DAV: namespace. Most likely, it failed on xml parsing stage.
Aleksey
___
xml mailing list, project page http://xmlsoft.org/
xml@gnome.org
http://mail.gnome.org/mailman/listinfo/xml
Then it fails in relative namespace check inside C14N
(see notes in section 2.1 of c14n spec:
http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
Aleksey
Daniel Veillard wrote:
On Tue, Mar 15, 2005 at 07:26:13AM -0800, Aleksey Sanin wrote:
The most likely reason for c14n failure in your case is
DAV
either way, it would be nice if the error reported explained the problem
a bit better.
that I agree with,
Currently, all c14n errors are ifdef'd with DEBUG_C14N. Should
we just turn them on by default?
Aleksey
___
xml mailing list, project page
Indeed. however, I found
http://cvs.apache.org/viewcvs.cgi/*checkout*/ietf-uri/rev-2002/issues.html?rev=HEADcontent-type=text/html#014-empty-opaque_part
so it will be allowed in the future. Any chance of getting this specific
bit in before the new rfc gets published?
I don't have any problem with
On Tue, Mar 15, 2005 at 10:13:53AM -0800, Aleksey Sanin wrote:
Indeed. however, I found
http://cvs.apache.org/viewcvs.cgi/*checkout*/ietf-uri/rev-2002/issues.html?rev=HEADcontent-type=text/html#014-empty-opaque_part
so it will be allowed in the future. Any chance of getting this specific
bit
Sounds good. I'll do it this week (I hope).
Aleksey
Daniel Veillard wrote:
On Tue, Mar 15, 2005 at 10:13:32AM -0800, Aleksey Sanin wrote:
Currently, all c14n errors are ifdef'd with DEBUG_C14N. Should
we just turn them on by default?
Depends:
1/ do they use the existing structured error
39 matches
Mail list logo