- From: Martin J. Duerst <duerst@w3.org>
- Date: Sat, 29 Jul 2000 08:00:59 +0900
- To: Kevin Regan <kevinr@valicert.com>, John Boyer <jboyer@PureEdge.com>, Jonathan Marsh <jmarsh@microsoft.com>, www-xml-linking-comments@w3.org
- Cc: w3c-ietf-xmldsig@w3.org, connolly@w3.org, Philippe Le Hegaret <plh@w3.org>
Hello Kevin, As far as I understand, you are concerned for a good reason. As far as I remember, the DOM specification allows to expose the entity structure or to not do so. Do you have any idea/data on which DOM implementations do the former, and which do the later? Any pointers are very welcome. Regards, Martin. At 00/07/27 14:30 -0700, Kevin Regan wrote: >I have no access to the XML processor. My library receives DOM Document >and Element objects when creating the signature. When verifying the >Signature a deligate to the user to find and parse the URI. I'm not >sure I totally understand the discussion that had taken place, but >I would say that I have no way of distinguishing which parts of >the source came from external entities, and forcing the user to >structure the DOM subtree that I am signing in a particular way is >a big no no. Currently, the only thing that my library requires >is that the user hand me a DOM Document or Element that has been >parsed with a validating parser (with ignorable whitespace not >included).
Received on Friday, 28 July 2000 18:56:30 UTC