[XXE] Good XML Declarations Rejectd by XXE

Wed, 06 Oct 2004 10:46:54 +0200 

You have found a bug but it is not related to *your* XML declaration, 
which is, of course, correct.

All the following documents work fine:

---
<?xml version="1.0"?>
<article2>
        <title>Cannot be opened by XXE</title>

        <para>
                For whatever reason, the xml declaration in this file
                causes problems for XXE (or XXE's parser).
        </para>
</article2>
---

---
<?xml version="1.0"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd";>
<article>
        <title>Cannot be opened by XXE</title>

        <para>
                For whatever reason, the xml declaration in this file
                causes problems for XXE (or XXE's parser).
        </para>
</article>
---

---
<?xml version="1.0" encoding="US-ASCII" ?>
<article>
        <title>Cannot be opened by XXE</title>

        <para>
                For whatever reason, the xml declaration in this file
                causes problems for XXE (or XXE's parser).
        </para>
</article>
---

---
<article>
        <title>Cannot be opened by XXE</title>

        <para>
                For whatever reason, the xml declaration in this file
                causes problems for XXE (or XXE's parser).
        </para>
</article>
---

Here's what happens:

* The DocBook configuration is used to recognize your article as being 
DocBook.

* Because your article has no <!DOCTYPE>, XXE creates a temporary master 
document with a DocBook <!DOCTYPE>, including your article as an 
external entity. Then XXE loads this temporary master document.

* The problem is that, now, your article is treated by the parser as an 
external entity.

* ``<?xml version="1.0"?>'' is an incorrect *TextDecl* for an external 
entity (an encoding must be specified in this case).

---
[77] TextDecl ::= '<?xml' VersionInfo? EncodingDecl S? '?>'
---

This bug will be fixed in next version. The workaround is to specify an 
encoding in your XML declaration.





John L. Clark wrote:
> The attached file, a very simple DocBook file, is well-formed as far as
> I can tell, but XXE refuses to open it, giving the error:
> 
>     parse error in "<file/>", line 1, column 0: invalid XML declaration
> 
> The XML declaration is:
> 
>     <?xml version="1.0"?>
> 
> which looks like it matches the production for XMLdecl given in the XML
> 1.0 Spec[0].  Also, this file is parsed by `xmllint` with no errors.
> This seems to me either a bug in the XXE suite or a problem with the
> file.  If it is the latter, what am I doing wrong?  If the former,
> consider this a bug report.
> 
> 
> [0] http://www.w3.org/TR/REC-xml/#NT-XMLDecl
> 
> 
> ------------------------------------------------------------------------
> 
> <?xml version="1.0"?>
> <article>
>       <title>Cannot be opened by XXE</title>
> 
>       <para>
>               For whatever reason, the xml declaration in this file
>               causes problems for XXE (or XXE's parser).
>       </para>
> </article>
> 
> 
> ------------------------------------------------------------------------

Reply via email to