Is it possible to use DTD entities with the scheme xs:string

Question

I have a API with the following validation scheme:

<root>
<header>
</header>
<body>
<element></element>
</body>

'element' has the rule (in the xsd schema): with the restriction base: xs:string

is it possible to use DTD entities without changing the rules? Like this:

<!ENTITY foo "something cool">
<element>&foo;</element>

So far the scheme validation fails when I use an entity. When I don't (using a string) it works fine.

Any ideas?

edit: the <!ENTITY foo "something cool"> part works fine (I've tested it with external entities). I just can't use the result.

I don't think so - http://stackoverflow.com/a/14912274/2864740 — user2864740, May 30 '14 at 09:05

score 3 · Answer 1 · answered May 30 '14 at 13:27

Nothing in the XSD spec forbids the use of a DTD and entity declarations in DTD notations for the document to be validated by an XSD validator. (It can't: XSD operates on any well-formed XML infoset, after entity expansion, so XSD can't really tell whether there has been DTD processing or not.) So in principle the answer is "yes, it's possible".

The co-existence of DTDs and XSD schemas does tend to confuse some software and some people, however, and there may be processors which will assume, by default, that if you have a document type declaration in the input, then you must not want XSD validation. (I haven't encountered any, but that doesn't mean they don't exist.) You may be able to override that default assumption.

Thank you for your answer. In my case the XML was (already) valid, but the validator fails. — f4der, Jun 04 '14 at 08:27

helderdarocha · Answer 2 · 2014-06-03T12:05:50.500

Complementing the answer by @CMSperbergMcQueen with an example.

I tested your example with this XML:

<!DOCTYPE root [
    <!ENTITY foo "something cool">
]>

<root xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="dtdschema.xsd">
    <body>
        <element>A plain string</element>
        <element>&foo;</element>
    </body>
</root>

and an XSD element declaration like this one:

<xs:element name="element">
    <xs:simpleType>
        <xs:restriction base="xs:string"></xs:restriction>
    </xs:simpleType>
</xs:element>

It validated successfully in Xerces and Saxon EE. You can also see it validating it in this online service where you can modify it and see the results.

Thank you for the validator and the example. It was helpful! In my case the XML was (already) valid, but the validator fails. — f4der, Jun 04 '14 at 08:28

score 0 · Accepted Answer · answered Jun 04 '14 at 08:26

0

I finally discovered that the problem wasn't a invalid XML, but the PHP LibXML validator (DOMDocument::schemaValidate) fails. Validating the XML example of helderdarocha (which is valid) results in a schema validation error:

Internal error: xmlSchemaVDocWalk, there is at least one entity reference in the node-tree currently being validated. Processing of entities with this XML Schema processor is not supported (yet). Please substitute entities before validation..

So in this case my XML was correct (all the time), but the validator fails to validate it.

Hope this will save some people a headache :)

answered Jun 04 '14 at 08:26

f4der

711
4
18

2

If you have not tried using the DOMDocument / libxml facilities to expand entities before validation, you should. – C. M. Sperberg-McQueen Jun 04 '14 at 13:13
I am just pentesting the API ;) – f4der Jun 06 '14 at 07:48

Is it possible to use DTD entities with the scheme xs:string

3 Answers3