What I'm going to do in the C++ library is put in a call that allows you to disable the search for non registered Ids. That allows for backwards compatibility, but ensures that the settings can be more secure.
I might also mark it in the docs with a warning that at version 2, this will become the default.
Cheers,
BerinScott Cantor wrote:
My advice would be to remove the code that searches for attributes named id, or Id and force the application to manually register those ids.
+1.
But I'd add that Sun's inclusion of an XML parser in the JRE really complicates this because it forces us to endorse a parser that does support the DOM3 calls needed to manually register IDs. I'm not aware of any non-DOM3 method in, say, Xerces, that even supports registration of IDs, whether standard or otherwise. Happy to learn of one, though.
-- Scott
