[oXygen-user] more problems with xml-model processinginstruction

Thu Nov 24 07:23:22 CST 2011

I really hope you escape $_GET variables.

D.

> -----Original Message-----
> From: oxygen-user-bounces at oxygenxml.com 
> [mailto:oxygen-user-bounces at oxygenxml.com] On Behalf Of Radu Coravu
> Sent: Thursday, November 24, 2011 10:45 AM
> To: oxygen-user at oxygenxml.com
> Subject: Re: [oXygen-user] more problems with xml-model 
> processinginstruction
> 
> Hi Tara,
> 
> I made some tests with Oxygen 13.1 and the application seems 
> to correctly unescape the entities in the xml-model value 
> before passing the information to the validator.
> 
> In my test I used an XML file with the content:
> 
> > <?xml-model 
> > href="http://devel-new.sync.ro/~test/testAmp.php?a=b&amp;c=el3" 
> > type="application/xml" 
> > schematypens="http://www.w3.org/2001/XMLSchema"?>
> > <root></root>
> 
> which used for validation a simple PHP script located on our 
> web server with the content:
> 
> > <?php
> >  echo "<xs:schema 
> xmlns:xs='http://www.w3.org/2001/XMLSchema' 
> elementFormDefault='qualified'>
> >     <xs:element name='root'>
> >         <xs:complexType>
> >             <xs:sequence>
> >                 <xs:element name='";
> > echo $_GET["c"];
> > echo "'/>
> >             </xs:sequence>
> >         </xs:complexType>
> >     </xs:element>
> > </xs:schema>";
> > ?>
> 
> So the PHP script returned a slightly different XML Schema 
> depending on the value of the "c" GET parameter.
> 
> Changing the value of the "c" parameter directly in the XML 
> changed the error received from the Xerces parser.
> 
> Could you give me a simple example which shows the problem on 
> your side?
> 
> Regards,
> Radu
> 
> Radu Coravu
> <oXygen/>  XML Editor, Schema Editor and XSLT Editor/Debugger 
> http://www.oxygenxml.com
> 
> 
> On 11/24/2011 5:29 AM, Tara Athan wrote:
> > In Oxygen 12.2&  13.1:
> > If the value of the @href attribute of an xml-model processing 
> > instruction is a URL with query string, the ampersands in the query 
> > string must be replaced with&amp; to avoid an error. This is as it 
> > should be.
> >
> > BUT when the attribute value is then used to obtain the schema, it 
> > appears that the&amp; entities are not converted back to&, 
> leading to 
> > errors in resolving the URL.
> >
> >
> >
> > Tara
> > _______________________________________________
> > oXygen-user mailing list
> > oXygen-user at oxygenxml.com
> > http://www.oxygenxml.com/mailman/listinfo/oxygen-user
> >
> _______________________________________________
> oXygen-user mailing list
> oXygen-user at oxygenxml.com
> http://www.oxygenxml.com/mailman/listinfo/oxygen-user
> 
> 
Dit bericht is afkomstig van De Telefoongids BV en uitsluitend bestemd voor de geadresseerde. Dit bericht kan vertrouwelijke informatie bevatten. Als u dit bericht per abuis hebt ontvangen, dan wordt u verzocht de afzender te informeren en het bericht en eventuele bijlagen te vernietigen. 

Communicatie via Internet is niet beveiligd. De Telefoongids BV aanvaardt geen aansprakelijkheid voor wijzigingen in de inhoud van het bericht en eventuele bijlagen, onrechtmatige openbaarmaking ervan jegens derden of schade als gevolg van gebruik van e-mailcommunicatie.

De Telefoongids BV is gevestigd te Amsterdam (Handelregister nr. 27198207).

----------------------------------------------------------------------------------------------------------------------------

This message is sent from De Telefoongids BV and is intended only for use by the recipient. It may contain confidential information. If you are not the intended recipient, please advise the sender immediately by reply e-mail and delete this message and any attachments.

Internet communications are not secure. De Telefoongids BV does not accept any liability for mutilations to the contents of this message and attachments thereto, if any, unlawful disclosure thereof to third parties, or damage resulting from the use of e-mail communications.

De Telefoongids BV is a private limited company with its seat in Amsterdam (Trade Register no. 27198207).