diff options
author | Christian Heimes <christian@python.org> | 2013-03-07 22:04:01 +0100 |
---|---|---|
committer | Christian Heimes <christian@python.org> | 2013-03-07 22:04:01 +0100 |
commit | 158dd68a31bd5e0445de2e72e3e299fd877ad257 (patch) | |
tree | a35eaf162748b27a3b25f15890f6d4e755753b69 | |
parent | 4ad1716a750cda8c78a9e06a21e870cb26f2f4c9 (diff) | |
download | defusedxml-git-158dd68a31bd5e0445de2e72e3e299fd877ad257.tar.gz |
add possible issue with XMLSchema location
fixed XSLT bug
-rw-r--r-- | README.txt | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -573,6 +573,20 @@ processed. Some Python XML libraries and libxml2 support XInclude but don't have an option to sandbox inclusion and limit it to allowed directories. +XMLSchema location +------------------ + +A validating XML parser may download schema files from the information in a +``xsi:schemaLocation`` attribute. + +:: + + <ead xmlns="urn:isbn:1-931666-22-9" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="urn:isbn:1-931666-22-9 http://www.loc.gov/ead/ead.xsd"> + </ead> + + XSL Transformation ------------------ @@ -588,7 +602,7 @@ Example from `Attacking XML Security`_ for Xalan-J:: xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:rt="http://xml.apache.org/xalan/java/java.lang.Runtime" xmlns:ob="http://xml.apache.org/xalan/java/java.lang.Object" - exclude-result-prefixes= "rt,ob"> + exclude-result-prefixes= "rt ob"> <xsl:template match="/"> <xsl:variable name="runtimeObject" select="rt:getRuntime()"/> <xsl:variable name="command" |