1

I have an XML file that is passed to an XML parser. I need to load content from an external resource, like the following:

```xml
<!DOCTYPE foo [<!ELEMENT foo ANY >
<!ENTITY data SYSTEM "file:///d:/data.txt" >]>
<component id="200">
  <![CDATA[&data;]]>
</component>
```

I want the data to be written inside the CDATA tag. However, this just introduces `<![CDATA[&data;]]>` and the external resource data is never fetched, because the CDATA tag is considered a comment, I guess.

The data must be inside a CDATA tag to be accepted. How can this be achieved?

Thanks!

user00239123
  • Please [edit] your question to include the source code you have to read/parse the XML document and how you read the data from the `` tag. Also add the language tag of the programming language you are using. – Progman Jul 18 '19 at 20:30
  • Be careful about expanding the entities because of an attack named [Billion laughs attack](https://en.wikipedia.org/wiki/Billion_laughs_attack). – Progman Jul 18 '19 at 20:32
  • I don't have control over the XML parser; it's an API that takes the XML from me, and the data file is located somewhere on the server that I can upload files to. – user00239123 Jul 18 '19 at 20:34
  • By definition, everything inside a `<![CDATA[...]]>` doesn't get "parsed". So when you write `<![CDATA[&data;]]>` you have the string value `"&data;"`. But since you are providing the XML you can insert the data before sending it to the API. – Progman Jul 18 '19 at 20:43
  • I can't, the data is located on the API server and only the API server can access it. It's uploaded there by various users. Is there a way to wrap something inside a CDATA tag using XML? – user00239123 Jul 18 '19 at 20:48

1 Answer

1

Your requirements seem self-contradictory. The whole point of `<![CDATA[ ... ]]>` is that everything within the brackets (except for `]]>`) is treated as regular character data, not as markup. If you want to use entity references like `&data;` that's fine, but putting them in a CDATA section is an explicit instruction to the XML parser to ignore them.

Michael Kay
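
The behaviour described in the answer and comments, as an added example that is not part of the original thread: Python's `xml.etree.ElementTree` parses the `<component>` element with the reference outside CDATA, inside CDATA, and with data the sender wrapped in CDATA before submission. It assumes an internal entity with a constructed value in place of the external file, and `component_text` and `wrap_cdata` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an INTERNAL entity stands in for the page's external one,
# so the demo runs offline and reads no files.
DOCTYPE = '<!DOCTYPE foo [<!ENTITY data "ENTITY-VALUE">]>'


def component_text(body: str) -> str:
    """Parse a <component> document and return its character data."""
    doc = f'{DOCTYPE}<component id="200">{body}</component>'
    return ET.fromstring(doc).text or ""


def wrap_cdata(data: str) -> str:
    """Wrap sender-supplied data in CDATA, splitting any ']]>' terminator
    across two sections so it cannot close the section early."""
    return "<![CDATA[" + data.replace("]]>", "]]]]><![CDATA[>") + "]]>"


def demo() -> dict:
    return {
        # Reference in ordinary content: the parser expands it.
        "outside_cdata": component_text("&data;"),
        # Reference inside CDATA: plain characters, never expanded.
        "inside_cdata": component_text("<![CDATA[&data;]]>"),
        # Data inserted by the sender before submission, as the comment suggests.
        "pre_inserted": component_text(wrap_cdata("a < b ]]> &data; done")),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14} -> {value!r}")
```
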