https://issues.apache.org/bugzilla/show_bug.cgi?id=44983
Summary: XSLT transformation should not be canonicalized
Product: Security
Version: cvs
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: C++ Canonicalization
AssignedTo: security-dev@xml.apache.org
ReportedBy: [EMAIL PROTECTED]
After XSLT transformation, xml security canonicalize it. This is wrong
according to standard. User should manually append c14n transfomation.
>From standard:
The output of this transform is an octet stream. The processing rules for the
XSL style sheet or transform element are stated in the XSLT specification
[XSLT]. We RECOMMEND that XSLT transform authors use an output method of xml
for XML and HTML. As XSLT implementations do not produce consistent
serializations of their output, we further RECOMMEND inserting a transform
after the XSLT transform to canonicalize the output. These steps will help to
ensure interoperability of the resulting signatures among applications that
support the XSLT transform. Note that if the output is actually HTML, then the
result of these steps is logically equivalent [XHTML].
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
