XML vs the Dreaded Whitespace

David Megginson ak117 at freenet.carleton.ca
Thu Dec 11 11:35:21 GMT 1997

Chris Smith writes:

 > There are two questions at hand, largely directed at those creating
 > parsers. I'd like to know if the application requirements we are
 > proposing ("what to do with the document") are going to be incredibly
 > difficult to manage, given what the parsers are providing. I confess
 > I'm just getting started here - I will get to investigating the
 > various parsers. For now the questions may be useful anyway.
 > The first criteria is that message authentication is applied to an
 > element in the document. This is a start to precisely defining what is
 > being checked. The second criteria is that the message authentication
 > must be applied to the XML document as represented in UTF-16 encoding,
 > with big-endian convention, AS IT IS WRITTEN. This is to prevent us
 > having to specify a consistent *internal* representation. The XML spec
 > itself helps define a consistent *external* representation, which we
 > figure is easier to stick with than dealing with all the
 > cross-platform issues. The question: can this readily be dealt with?
 > Is it straight-forward to ask for MessageAuthentication over
 > <element>...</element>, with all the content included?

It would be possible to use a parser to do authentication by
generating checksums based on a normalised version of each element,
but not to do it based on the external representation.  Right now,
parsers must report whitespace in mixed content and sort-of report it
in element content (yech).  There is no requirement to report
whitespace within markup, however.

As a result, parsers are very unlikely to report any difference
between the following two examples (assuming that the "idrefs"
attribute is declared as IDREFS in the DTD):

Example 1:

  <link idrefs="foo bar">This is a link.</link>

Example 2:

  idrefs       =   "foo 

  bar">This is a link.</link>

There are many other problems too, include comments, whitespace
outside of the document element, etc., etc.

I'd recommend that you do your checksum validation on any files that
you have transmitted _before_ you parse them; that way, you can use
existing software (it doesn't have to be XML-aware).

All the best,


David Megginson                 ak117 at freenet.carleton.ca
Microstar Software Ltd.         dmeggins at microstar.com

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/
To (un)subscribe, mailto:majordomo at ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo at ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa at ic.ac.uk)

More information about the Xml-dev mailing list