Pierre Attar wrote: > > I saw in the documentation that if I want to use external general > entities, I need to have a single root which is quite conforming to the > xml spec. I try this with no problems. > > After that, I just put an XML comment in my document and then xxe cry, > saying that this document is not managed by xxe. > Is that a bug or something else I did not understood ?
This is not a bug but rather a strong limitation, which is, in our opinion, clearly stated in http://www.xmlmind.com/xmleditor/detailed_features.html#nonfeatures and in http://www.xmlmind.com/xmleditor/_distrib/docs/help/ar01s06s01.html#managedNonmanaged If you want to use external entities, you need to include files just containing a single element and nothing else. That is, no comments, PIs or <!DOCTYPE> before root element. There is no such problem with modular documents built using XIncludes. Note that composing modular documents using XInclude rather than external entities is now supported by free Standard Edition.
