Jeremy Quinn wrote:
> enclosed :
>
> please drop the 'iniva' folder in your configs folder, then open the
> file 'index.xml'.
>
> 'index.xml' is a 'component', a sub-document that is included at the time
> Cocoon processes our documents for display. This particular component
> has tags in the Cocoon SQL namespace, it is processed by a Cocoon
> Pipeline with the SQL Transformer in it.
>
> On my machine, this file displays the tabs inside the <query> tag.
>
> Maybe I have written my XSD incorrectly?

Really, there is nothing incorrect here, either about XXE behavior or
about your XML-Schema.
* index.html contains an indented SQL query, which is plain text with a
lot of whitespace (tabs, newlines, etc).
* SQL queries are modeled as:
---
<xsd:element name="query">
  <xsd:complexType mixed="true">
    <xsd:sequence>
      <xsd:group ref="sql:query.content" minOccurs="0"
                 maxOccurs="unbounded"/>
    </xsd:sequence>
    <xsd:attributeGroup ref="sql:query.attlist"/>
  </xsd:complexType>
</xsd:element>
---
where:
---
<xsd:attributeGroup name="query.attlist">
  <xsd:attribute name="name" type="xsd:string" form="unqualified"/>
  <xsd:attribute name="isstoredprocedure" type="xsd:boolean"
                 form="unqualified"/>
  <xsd:attribute ref="xml:space" default="preserve"/>
</xsd:attributeGroup>
---
Notice:
---
<xsd:attribute ref="xml:space" default="preserve"/>
---
which instructs XXE *not to discard whitespace* inside "sql:query"
elements.
* The consequence is that you *see tabs* when you open a file such as
index.xml which *contains tabs* (that is, '\t' chars are part of the
information contained in the file).
This may be ugly to look at because '\t' chars are displayed as small
boxes, but XXE behavior is correct, your XML-Schema is correct and it is
harmless for Cocoon.
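
The behaviour described in this reply, as an added Python sketch (not code from XXE, Cocoon or either poster): it resolves the effective xml:space of each element the way a schema-aware editor would, with a schema-declared default of "preserve" on sql:query. The names `SCHEMA_DEFAULTS`, `effective_space` and `editor_view` are hypothetical, the namespace URI and sample document are assumptions, and collapsing whitespace outside "preserve" is a simplification of what an editor may do.

```python
import xml.etree.ElementTree as ET

XML_SPACE = "{http://www.w3.org/XML/1998/namespace}space"
SQL_NS = "http://apache.org/cocoon/SQL/2.0"  # assumed Cocoon SQL namespace URI

# Stand-in for the schema: elements whose attlist declares
# <xsd:attribute ref="xml:space" default="preserve"/>.
SCHEMA_DEFAULTS = {"{%s}query" % SQL_NS: "preserve"}

# Constructed sample, not the poster's index.xml.
SAMPLE = (
    '<page xmlns:sql="%s">\n'
    '\t<title>\n\t\tArtists\n\t</title>\n'
    '\t<sql:execute-query>\n'
    '\t\t<sql:query name="artists">\n'
    '\t\t\tSELECT name\n'
    '\t\t\tFROM artist\n'
    '\t\t</sql:query>\n'
    '\t</sql:execute-query>\n'
    '</page>' % SQL_NS
)


def effective_space(elem, inherited="default"):
    """Explicit attribute wins, then the schema default, then the parent's mode."""
    return elem.get(XML_SPACE) or SCHEMA_DEFAULTS.get(elem.tag) or inherited


def editor_view(xml_text):
    """Return {local name: text as an xml:space-aware editor would keep it}."""
    view = {}

    def walk(elem, inherited):
        mode = effective_space(elem, inherited)
        text = elem.text or ""
        if text.strip():
            # "preserve": every tab and newline is content; otherwise collapse.
            view[elem.tag.split("}")[-1]] = (
                text if mode == "preserve" else " ".join(text.split())
            )
        for child in elem:
            walk(child, mode)

    walk(ET.fromstring(xml_text), "default")
    return view


if __name__ == "__main__":
    for name, text in editor_view(SAMPLE).items():
        print(name, repr(text))
```

An explicit xml:space="default" on a sql:query element in the instance document overrides the schema default, and the query text is then collapsed like any other element.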