SDD bogus

Paul Prescod papresco at technologist.com
Fri May 8 15:17:43 BST 1998


Is the standalone document declaration bogus and perhaps dangerous? The
whole feature strikes me as over-complicated and over-specific for a
language like XML, but I'm aware of the historical processes that gave
rise to it.

My understanding of a typical usage scenario goes like this: a sender
creates a document. It creates it specifically so that it will be
standalone. It validates that this is the case (while it validates
everything else) and then it sends it to the receiver who hopes to consume
it without validating it. Things already strike me as a little bizarre,
because if your protocol is designed such that the consumer trusts the
receiver, then couldn't the SDD be implied in your out-of-band agreement?
Further, what do you do if the SDD is other than you expect? Halt the
parse and start again with a validating processor?

But that's not what I'm concerned about. I'm concerned because I believe
this to be a valid XML document:

<?xml version="1.0" standalone="yes"?> 
<!DOCTYPE MEMO SYSTEM "http://www.sgmlsource.com/memo.dtd" [ 
<!ENTITY % mess-everything-up SYSTEM "mess.ent">
<!ATTLIST MEMO SECURITY CDATA "TOP-SECRET">
]>
<MEMO></MEMO> 

In my opinion, section 5.1 will require the non-validating parser to skip
the attribute list declaration, even if memo.dtd is an empty file.
The receiver has no way of knowing that this case has occured if it uses a
"standard parser" (since XML's semantics are, for the moment at least,
imprecisely specified, I only know what that means intuitively ... SAX,
Lark, Expat, etc. would not give you enough information to detect this
case).

This to me suggest that applications cannot trust the SDD and it must
therefore be presumed to be meaningless.

But I'm glad to be proven wrong. Despite its reputation to the contrary,
XML is intricate and deep and I may have missed something important.

 Paul Prescod  - http://itrc.uwaterloo.ca/~papresco

Can we afford to feed that army, 
 while so many children are naked and hungry?
Can we afford to remain passive, 
 while that soldier-army is growing so massive?
  - "Gabby" Barbadian Calpysonian in "Boots"

xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/
To (un)subscribe, mailto:majordomo at ic.ac.uk the following message;
(un)subscribe xml-dev
To subscribe to the digests, mailto:majordomo at ic.ac.uk the following message;
subscribe xml-dev-digest
List coordinator, Henry Rzepa (mailto:rzepa at ic.ac.uk)




More information about the Xml-dev mailing list