- From: Ville Skyttä <ville.skytta@iki.fi>
- Date: Thu, 10 Jun 2010 21:37:31 +0300
- To: "Dominique Hazael-Massieux" <dom@w3.org>
- Cc: public-qa-dev@w3.org
On Thursday 10 June 2010, Dominique Hazael-Massieux wrote: > Woulnd't the XML Parser option of "ext_ent_handler" be a way to do that > jailing? > http://search.cpan.org/dist/XML-LibXML/lib/XML/LibXML/Parser.pod#ext_ent_ha > ndler The code example there seems to suggest just that. Yes, that's one of the things I tried. I just did a quick test to refresh my memory, and the problem with that probably was (at least it is in my quick test) that the system id the ext_ent_handler subroutine receives is the one before catalog resolution has taken place so to use that for jailing we'd have to implement catalog stuff ourselves :( One problem with the XML::LibXML::InputCallback way documented next to ext_ent_handler is that *all* URIs, including the URI to the actual document to be parsed get passed to it, and that URI won't ever be within our sgml-lib jail. But it just occurred to me that this might not actually be a problem as we pass the doc to be validated as a string containing the document and not a filename/URI. I'll experiment more and report back.
Received on Thursday, 10 June 2010 18:38:01 UTC