- From: C. M. Sperberg-McQueen <cmsmcq@blackmesatech.com>
- Date: Thu, 30 Apr 2009 11:11:26 -0600
- To: "Costello, Roger L." <costello@mitre.org>
- Cc: "C. M. Sperberg-McQueen" <cmsmcq@blackmesatech.com>, "'xmlschema-dev@w3.org'" <xmlschema-dev@w3.org>
On 29 Apr 2009, at 11:20 , Costello, Roger L. wrote: > > It's my understanding that a 1.1 schema validator will strip out the > second Book: > > <?xml version="1.0"?> > <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" > xmlns:vc="http://www.w3.org/2007/XMLSchema-versioning" > targetNamespace="http://www.books.org" > elementFormDefault="qualified"> > > <xs:element name="BookStore"> > <xs:complexType> > <xs:sequence> > <xs:element name="Book" maxOccurs="unbounded" > vc:minVersion="1.1" vc:maxVersion="3.2"> > ... > </xs:element> > <xs:element name="Book" maxOccurs="unbounded" > vc:minVersion="3.2"> > ... > </xs:element> > </xs:sequence> > </xs:complexType> > </xs:element> > </xs:schema> > > > Correct? I believe so. > > Since the 1.1 schema validator strips out the second Book, I figure > that I should be able to put any crazy elements I want in there. For > example, here I invent a new element that I call "new": > > > <?xml version="1.0"?> > <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" > xmlns:vc="http://www.w3.org/2007/XMLSchema-versioning" > targetNamespace="http://www.books.org" > elementFormDefault="qualified"> > <xs:element name="BookStore"> > <xs:complexType> > <xs:sequence> > <xs:element name="Book" maxOccurs="unbounded" > vc:minVersion="1.1" vc:maxVersion="3.2"> > ... > </xs:element> > <xs:element name="Book" maxOccurs="unbounded" > vc:minVersion="3.2"> > <xs:new> > ... > </xs:new> > </xs:element> > </xs:sequence> > </xs:complexType> > </xs:element> > </xs:schema> Right. If XSD 3.2 and higher introduce a 'new' element, it will look to a 1.1 processor pretty much like a random unknown element. So the mechanisms introduced to allow a 1.1 processor to tolerate schema documents containing things introduced by later versions of the spec can also be used to make it tolerate (at least for some sense of the word 'tolerate' -- it does strip them out) random unknown elements. People concerned with preventing the use of covert information channels, or with exploiting them, may see a potential covert channel here, in addition to the existing channels for non-XSD information like appInfo. > However, when I run this schema using a 1.1 validator (SAXON) I get > an error message saying <xs:new> is not allowed within <xs:element>. > > > Why? > > > > It seems to me, SAXON should never have seen <xs:new>. > > Would you clarify this for me please? As I read the documentation on the Saxon site, at http://www.saxonica.com/documentation/schema-processing/schema11.html Saxon does not claim to be a conforming 1.1 processor, but only to have implemented some 1.1 features, which can be activated using the -xsdversion:1.1 flag. Conditional inclusion and the vc attributes aren't listed as 1.1 features supported in the current version of Saxon. I imagine they will be along eventually; I assume that the scheduling of work on new features of Saxon is governed by a subtle interaction among technical interest, technical difficulty, expressed interest among paying customers, and personal whim, er, judgement. I hope this helps. -- **************************************************************** * C. M. Sperberg-McQueen, Black Mesa Technologies LLC * http://www.blackmesatech.com * http://cmsmcq.com/mib * http://balisage.net ****************************************************************
Received on Thursday, 30 April 2009 17:12:06 UTC