- From: <bugzilla@wiggum.w3.org>
- Date: Fri, 13 Jan 2006 11:56:09 +0000
- To: public-qt-comments@w3.org
- Cc:
http://www.w3.org/Bugs/Public/show_bug.cgi?id=2711
Summary: [xqueryx] #) in pragma content
Product: XPath / XQuery / XSLT
Version: Candidate Recommendation
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: XQueryX
AssignedTo: jim.melton@acm.org
ReportedBy: davidc@nag.co.uk
QAContact: public-qt-comments@w3.org
The Xquery EBNF for pragma content is
[67] PragmaContents ::= (Char* - (Char* '#)' Char*))
However the schema just types xqx:pragmacontents as xs:string, and the
stylesheet doesn't enforce any restriction on #) so
This is a schema valid XqueryX file which translates to a valid, executable
Xquery expression:
<xqx:module xmlns:xqx="http://www.w3.org/2005/XQueryX">
<xqx:mainModule>
<xqx:queryBody>
<xqx:extensionExpr>
<xqx:pragma>
<xqx:pragmaName>a</xqx:pragmaName>
<xqx:pragmaContents> #){1},1+2,(#b</xqx:pragmaContents>
</xqx:pragma>
<xqx:argExpr>
<xqx:integerConstantExpr>
<xqx:value>1</xqx:value>
</xqx:integerConstantExpr>
</xqx:argExpr>
</xqx:extensionExpr>
</xqx:queryBody>
</xqx:mainModule>
</xqx:module>
which has meaning specified by the result of transforming with the stylesheet
which is
(# a #){1},1+2,(#b #){1}
which evaluates to the sequence 1 3 1 (assuming the pragma Qnames a and b are
unknown)
Of course the "1+2" above could be any Xquery expression and it means that an
XqueryX engine can not just use an XML parser but must be able to parse full
xquery syntax as well.
This could be fixed by adding a pattern facet to the schema or a check in the
stylesheet to give a fatal error if #) appears in xqx:pragmaContents
David
Received on Friday, 13 January 2006 11:56:22 UTC