W3C home > Mailing lists > Public > public-xml-core-wg@w3.org > March 2006

Re: Appling inheritance rule to xml:base, was Re: FINAL minutes for the XML

From: John Boyer <boyerj@ca.ibm.com>
Date: Mon, 6 Mar 2006 09:50:05 -0800
To: daniel@veillard.com
Cc: daniel@veillard.com, "Henry S. Thompson" <ht@inf.ed.ac.uk>, public-xml-core-wg@w3.org, public-xml-core-wg-request@w3.org
Message-ID: <OF0F558A0D.7CAFE90E-ON88257129.00619AC6-88257129.0061F8C7@ca.ibm.com>
Hi Daniel,

I think I missed something. 

I am saying that when we *do* copy xml:base, it is *not* going to break 
anything, and that we were requested to write the spec so that xml:base 
*would* be included in this process because the authors of xml:base found 
it useful. 

But you say that "Copying the xml:base when we know it's likely to break 
should then not be done"
Can you provide an example where copying the xml:base breaks something?
I have not found such an example before...

Thanks,
John M. Boyer, Ph.D.
Senior Product Architect/Research Scientist
Co-Chair, W3C XForms Working Group
Workplace, Portal and Collaboration Software
IBM Victoria Software Lab
E-Mail: boyerj@ca.ibm.com  http://www.ibm.com/software/

Blog: http://www.ibm.com/developerworks/blogs/boyer





Daniel Veillard <daniel@veillard.com> 
Sent by: public-xml-core-wg-request@w3.org
03/06/2006 08:46 AM
Please respond to
daniel


To
John Boyer/CanWest/IBM@IBMCA
cc
daniel@veillard.com, "Henry S. Thompson" <ht@inf.ed.ac.uk>, 
public-xml-core-wg@w3.org, public-xml-core-wg-request@w3.org
Subject
Re: Appling inheritance rule to xml:base, was Re: FINAL  minutes for the 
XML







On Mon, Mar 06, 2006 at 07:58:18AM -0800, John Boyer wrote:
> But again, it's not a security problem that arises *because* of the 
> inheritance rule. 
> It is an orthogonal security problem, and an extreme edge case, that 
> authors could 
> experience if they *express* an xml:base (non-inherited) on a node
> *and* it is orphaned by a filter *and* the xml:base contains a relative 
> URI.
> 
> While the inheritance rule has nothing to do with addressing this 
problem 
> (whether it should
> be addressed notwithstanding), the inheritance rule does remove a 
certain 
> number of other
> security issues, so there is certainly no harm in retaining it.

  Copying the xml:base when we know it's likely to break should then not
be done, I think it's better to let the user fully handle the case
than handle it half way leading to deceiving expectations.
  I really don't think xml:base should be copied by default processing
of c14n if we don't do it in a sematically correct way.

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | 
Received on Monday, 6 March 2006 17:50:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:21:33 GMT