On 08/30/2011 01:22 PM, Stefan Seefeld wrote: > On 08/30/2011 04:46 AM, Hussein Shafie wrote: > >> Therefore, I have no idea why you get this error. >> >> FYI, our doc_html.sitemap looks like this: > > I think I have figured out what the problem is: In my sitemap document I > don't insert the generated target db by means of SYSTEM entities, but > using xi:include. That doesn't appear to work, likely because xxe isn't > processing xincludes at all in that document. When I replace them by > entities, everything appears to be working. > > While not a high priority (since I have now worked around the issue), I > think it would be nice to have fixed. >
I'm not sure we can fix this issue. XXE does not parse or process sitemap files in any way. It's the XSLT engine (Saxon 6.5.5 in the case of the DocBook XSL stylesheets) which does so by the means of the document() XSL function (i.e. http://www.w3.org/TR/xslt#document). --- PS: According to http://www.sagehill.net/docbookxsl/Xinclude.html, specifying: -Dorg.apache.xerces.xni.parser.XMLParserConfiguration=org.apache.xerces.parsers.XIncludeParserConfiguration would force Xerces, the XML parser used by both XXE and Saxon, to process XIncludes. However, we suspect that doing this would break the XInclude support in XXE. Note that XXE deliberately does not rely on Xerces for its XInclude support because, probably for performance reasons, the XInclude support of Xerces is somewhat limited. -- XMLmind XML Editor Support List [email protected] http://www.xmlmind.com/mailman/listinfo/xmleditor-support
