Using catalogs with XXE 2

Fri Sep 27 15:08:01 2002 

IMHO, managing entity resolution is crucial for 'heavy duty'
XML (and SGML) processing. We avoid a lot of day-to-day hassle
by ensuring a completely predictable resolution of entities, 
and we want of course to use the exact same catalogs for a 
number of processes -- which is why I won't in general just 
make special XML catalogs for anything. But it might be OK
to comment out the DOCTYPE in XML catalogs ;)

The drawbacks of using system IDs like
http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd?
We don't in general want anything to actually try to resolve
entities through the Internet. A local URL is OK, but again,
we'd rather have the process controlled by common catalogs 
(than by each invidual application). In the case of DocBook
XML, the URLs in DOCTYPE declarations are anyway often
bogus, out of sync with the actual canonical URI for for 
the DTD. Another example: the canonical system identifier 
in XML Catalog resolves to version 1.7 of the DTD, while 
the (non-normative) DTD in the spec is version 1.9. Don't
trust URLs that you do not control yourself.

The Sun resolver can be controlled in a number of ways.
Examples in the article at 
http://wwws.sun.com/software/xml/developers/resolver/article/#ctrlresolver


BTW, I think you've accomplished quite a lot with XXE
in a very short span of time. I'm deeply impressed.

Kind regards 
Peter Ring
Magnus Informatik A/S
A Wolters Kluwer Company


-----Original Message-----
From: Hussein Shafie [mailto:[email protected]]
Sent: 27. september 2002 14:20
To: Peter Ring
Cc: xmleditor-support at xmlmind.com
Subject: Re: Using catalogs with XXE 2


> BTW, what is the best way to control the Sun resolver as used by XXE?

I don't really understand what do you mean by control. Is it the
property file used by the resolver? We don't use it. We use Sun resolver
pretty naively to fulfill very basic needs. I guess that you are more
expert than us in this field.



> The other glitch appear to be caused by the part of XXE (and xsdvalid)
> that validates and serializes the DTD. Even if the XML catalog says
> prefer="public", something in XXE tries to resolve the systemID.

It tries to parse it as an URL but only for informational purposes which
seems pretty useless.



> Well, we tend to use URNs like "urn:x-oasis:docbook-xml-v4.1.2" for
system
> identifiers in our documents (as suggested by Norman Walsh in [3]) in
> order to avoid picking up random DTDs.

I didn't manage to find such recommendation in [3]. I would like to
understand the drawbacks of using system IDs like
http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd.

<snip/>

Reply via email to