[
Lists Home |
Date Index |
Thread Index
]
>> Now suppose I change example.xml to:
>>
>> <bar xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xsi:noNamespaceSchemaLocation="bar.xsd"/>
>>
>> where bar.xsd is:
>>
>> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
>>
>> <xs:element name="bar">
>> <xs:complexType/>
>> </xs:element>
>>
>> </xs:schema>
>>
>> Is there also some way to tell MSXML not to allow the
>> instance to provide additional schemas so that this would be
>> detected as invalid as well?
>>
>
> Oops, forgot to answer this.
>
> Since xsi:noNamespaceSchemaLocation is a hint, it can be ignored at the
> discretion of the implementation. MSXML ignores the namespace location
> in the instance document if
>
> A.) No validation is requested by the user either via setting
> validateOnParse property or invoking the validate() method.
>
> OR
>
> B.) A schema is provided by the user via an XML Schema Cache for
> validating the document.
So, are you saying that the answer to my question is basically "no", since
there is always the possibility that the root element of the instance will
use a namespace not in the schema cache?
If that's so, although it's perfectly conformant, it seems like a fairly
major potential security/robustness hole. Suppose an application is trying
to use validation to protect itself from bad input. It carefully loads the
schema cache with the namespaces it knows about, and calls validate(). Now
the bad guy comes along and uses a root element from some other namespace
and uses xsi:schemaLocation to point to his own schema that that has a
declaration for that element and uses <xs:any namespace="##any"
processContents="skip"/>. Won't they just have almost completely
undermined any protection that was supposed to come from validation?
James
|