Hi,
I found some limitations or bugs while using XXE Standard and external
entities ("referenced document"):
1. a referenced document cannot itself contain another referenced
document: the top-level referencing document cannot even be opened, XXE
complaining about undefined entity references
2. if an external entity is defined in an external parameter entity,
which is in a different directory than the referencing document, then
the referenced document cannot be edited, as explained below:
referencing doc = a.xml
a.xml contains the following, in the doctype declaration
[ <!ENTITY % s_entities SYSTEM "entities/s.ent">
%s_entities; ]
and, later, a reference to an external entity:
&foo;
This entity is defined in entities/spec.ent:
<!ENTITY foo SYSTEM "../foo.xml">
And indeed, summarySpec.xml is in the same directory as a.xml.
XXE displays the content of foo.xml, but when I want to edit it (using
the toolbar button to "Edit References Document"), XXE tries to open the
file in the parent directory of a.xml's directory. So, the entity foo is
resolved using a.xml's base path instead of s.ent's path.
I believe this is a bug, since a.xml is valid, according to Xerces and
other parsers (even to XXE!).
Cheers,
Benoit Maisonny
--
..................................................
Benoit Maisonny benoit at synclude.com
Director & Consultant http://synclude.com
Synclude Ltd.
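
Added example, not part of the original message and not XXE's code: a minimal sketch of the base-URI rule at issue in point 2, where a relative system identifier is resolved against the entity that contains the declaration (XML 1.0, section 4.2.2), shown beside resolution against the top-level document. The /docs/ directory, the doc root element, the file contents and all function names are assumptions made for illustration; the regex scan is a simplification, not a full DTD parser.

```python
import re
from urllib.parse import urljoin

# Constructed in-memory files mirroring the layout described in the post.
FILES = {
    "file:///docs/a.xml": (
        '<!DOCTYPE doc [ <!ENTITY % s_entities SYSTEM "entities/s.ent">\n'
        "%s_entities; ]>\n<doc>&foo;</doc>"
    ),
    "file:///docs/entities/s.ent": '<!ENTITY foo SYSTEM "../foo.xml">',
    "file:///docs/foo.xml": "<para>referenced content</para>",
}

DECL = re.compile(r'<!ENTITY\s+(%\s+)?(\S+)\s+SYSTEM\s+"([^"]*)"\s*>')
PE_REF = re.compile(r"%([\w.-]+);")


def collect_entities(uri, files, table=None, seen=None):
    """Return {name: (system_id, declaring_uri)} for external general entities,
    following external parameter entities referenced from `uri`."""
    table = {} if table is None else table
    seen = set() if seen is None else seen
    if uri in seen:  # guard against an entity file that includes itself
        return table
    seen.add(uri)
    text = files[uri]
    params = {}
    for is_param, name, sysid in DECL.findall(text):
        if is_param:
            # The parameter entity's own location is relative to this file.
            params[name] = urljoin(uri, sysid)
        else:
            # Remember WHERE the declaration was read: that is its base URI.
            table.setdefault(name, (sysid, uri))
    for ref in PE_REF.findall(text):
        target = params.get(ref)
        if target in files:
            collect_entities(target, files, table, seen)
    return table


def resolve(name, table, document_uri):
    """Resolve an entity both ways so the two results can be compared."""
    sysid, declared_in = table[name]
    return {
        "declared_in": declared_in,
        "correct": urljoin(declared_in, sysid),
        "against_document": urljoin(document_uri, sysid),
    }
```

Resolving foo against the declaring file gives the foo.xml next to a.xml; resolving it against a.xml itself gives a path one directory higher, which matches the behaviour reported for the edit action.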