diff options
| author | Christian Heimes <christian@cheimes.de> | 2013-03-07 22:04:01 +0100 |
|---|---|---|
| committer | Christian Heimes <christian@cheimes.de> | 2013-03-07 22:04:01 +0100 |
| commit | e7a18d6e968f8701dbe63b85086b1c23fa7bb222 (patch) | |
| tree | a35eaf162748b27a3b25f15890f6d4e755753b69 | |
| parent | fb7ba65f46a11b2e230f0fba9497aa8268a6e6b6 (diff) | |
| download | defusedxml-e7a18d6e968f8701dbe63b85086b1c23fa7bb222.tar.gz | |
add possible issue with XMLSchema location
fixed XSLT bug
| -rw-r--r-- | README.txt | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -573,6 +573,20 @@ processed. Some Python XML libraries and libxml2 support XInclude but don't have an option to sandbox inclusion and limit it to allowed directories. +XMLSchema location +------------------ + +A validating XML parser may download schema files from the information in a +``xsi:schemaLocation`` attribute. + +:: + + <ead xmlns="urn:isbn:1-931666-22-9" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="urn:isbn:1-931666-22-9 http://www.loc.gov/ead/ead.xsd"> + </ead> + + XSL Transformation ------------------ @@ -588,7 +602,7 @@ Example from `Attacking XML Security`_ for Xalan-J:: xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:rt="http://xml.apache.org/xalan/java/java.lang.Runtime" xmlns:ob="http://xml.apache.org/xalan/java/java.lang.Object" - exclude-result-prefixes= "rt,ob"> + exclude-result-prefixes= "rt ob"> <xsl:template match="/"> <xsl:variable name="runtimeObject" select="rt:getRuntime()"/> <xsl:variable name="command" |