Sean, Colm, could you please hold off on doing any changes to the Canonicalizers for a day or two. Those were the classes that most heavily used the == so I have some local changes here that I'll be submitting a patch for quite soon.

On 8/5/10 10:16 AM, bugzi...@apache.org wrote:
https://issues.apache.org/bugzilla/show_bug.cgi?id=49710

            Summary: exc-c14n damages namespaces of XML
            Product: Security
            Version: Java 1.4.2
           Platform: All
         OS/Version: All
             Status: NEW
           Severity: normal
           Priority: P2
          Component: Canonicalization
         AssignedTo: security-dev@xml.apache.org
         ReportedBy: aklitz...@gmail.com


The canonicalizer (java) with exc-c14n produces an invalid XML document here.
It removes a namespace from an attribute that is still used in that element. I
attach an example xsd and xml file.
If I canonicalize this xml file with exc-c14n it will remove the namespace
xmlns:xs="http://www.w3.org/2001/XMLSchema". So the attribute
ns:type="xs:string" won't be valid afterwards.
Even if I add the namespace to the root element (bla:document) it will be
removed.

Validated with xmllint --noout --schema example.xsd example.xml

Is this really correct for this canonicalization method to damage the xml file?


--
Chad La Joie
http://itumi.biz
trusted identities, delivered
