Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Incomplete
    • Affects Version/s: Java 1.4.2
    • Fix Version/s: None
    • Component/s: Java
    • Security Level: Public (Public issues, viewable by everyone)
    • Labels:
      None
    • Environment:
      Operating System: All
      Platform: All

      Description

      The canonicalizer (java) with exc-c14n produces an invalid XML document here. It removes a namespace from an attribute that is still used in that element. It attach an example xsd and xml file.
      If I use canonicalize this xml file with exc-c14n it will remove the namespace xmlns:xs="http://www.w3.org/2001/XMLSchema". So the attribute ns:type="xs:string" won't be valid afterwards.
      Even if I add the namespace to the root element (bla:document) it will be removed.

      Validated with xmllint --noout --schema example.xsd example.xml

      Is this really correct for this canonicalization method to damage the xml file?

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Resolved Resolved Closed Closed
        123d 21h 38m 1 Colm O hEigeartaigh 07/Dec/10 11:54
        Mark Thomas made changes -
        Workflow Default workflow, editable Closed status [ 12565709 ] jira [ 12586463 ]
        Mark Thomas made changes -
        Assignee XML Security Developers Mailing List [ security-dev@xml.apache.org ]
        Mark Thomas made changes -
        Workflow jira [ 12539415 ] Default workflow, editable Closed status [ 12565709 ]
        Colm O hEigeartaigh made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Colm O hEigeartaigh made changes -
        Component/s Java [ 12314103 ]
        Component/s Canonicalization [ 12314098 ]
        Mark Thomas made changes -
        Field Original Value New Value
        issue.field.bugzillaimportkey 49710 12492510
        Hide
        Scott Cantor added a comment -

        Your example is not a bug. Exclusive c14n does not handle namespace prefixes found in QName content, including xsi:type attributes. If you have such cases, you have to force inclusive mode using the InclusivePrefix list.

        Show
        Scott Cantor added a comment - Your example is not a bug. Exclusive c14n does not handle namespace prefixes found in QName content, including xsi:type attributes. If you have such cases, you have to force inclusive mode using the InclusivePrefix list.
        Hide
        AK added a comment -

        damaged.xml:4: element value: Schemas validity error : Element '

        {http://test/1.0}

        value', attribute '

        {http://www.w3.org/2001/XMLSchema-instance}

        type': The QName value 'xs:string' has no corresponding namespace declaration in scope.

        damaged.xml fails to validate

        Show
        AK added a comment - damaged.xml:4: element value: Schemas validity error : Element ' {http://test/1.0} value', attribute ' {http://www.w3.org/2001/XMLSchema-instance} type': The QName value 'xs:string' has no corresponding namespace declaration in scope. damaged.xml fails to validate
        Hide
        AK added a comment -

        Created an attachment (id=25847)
        XML File (after canonicalization - invalid in schema checking)

        Show
        AK added a comment - Created an attachment (id=25847) XML File (after canonicalization - invalid in schema checking)
        Hide
        AK added a comment -

        Created an attachment (id=25846)
        XML File

        Show
        AK added a comment - Created an attachment (id=25846) XML File
        Hide
        AK added a comment -

        Created an attachment (id=25845)
        XML Schema

        Show
        AK added a comment - Created an attachment (id=25845) XML Schema
        AK created issue -

          People

          • Assignee:
            Unassigned
            Reporter:
            AK
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development