[xmlsec] building without DTD validation support in libxml

Rich Salz rsalz at datapower.com
Thu May 12 08:36:54 PDT 2005


>   it's a requirement for an XPath *implementation* . You don't need a DTD
> to use XPath obviously. You need DTD parsing support to implement a
> conformant XPath implementation.

No, that's not my point.  The note in 5.2.1 says
	NOTE:  If a document does not have a DTD, then no element in the
	document will have a unique ID.

To me, this means that an XPath implementation cannot require a DTD. 
Yes, if the XML documents have DTD's in them, then you have to parse 
them.  But if you're working in an environment that says "no DTD's" 
(such as SOAP), then it would be "safe and legal" to #if 0 the DTD part 
of the code.  I thought this was the kind of thing the original poster 
wanted.

Yes, to be conforming XPath implementation (heck, to be a conforming XML 
parser), you must support DTD's.

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html


More information about the xmlsec mailing list