OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   The J2ME pseudo-XML botch

[ Lists Home | Date Index | Thread Index ]
  • To: XML Dev <xml-dev@lists.xml.org>
  • Subject: The J2ME pseudo-XML botch
  • From: Tim Bray <tbray@textuality.com>
  • Date: Sat, 22 Feb 2003 09:10:19 -0800
  • User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.2.1) Gecko/20021130

Text of a feedback note I just sent to the community-feedback address, 
cc Jon Ellis, the Sun guy who posted here:
I understand the proposed XML parsing facility in J2ME accepts not XML 
but a nonstandard subset which does not allow for the DOCTYPE 
declaration.  It's OK to define a custom language for your own purposes, 
but it's not OK at all to use the term "XML" in describing it; this term 
is very precisely defined and is legally protected by the World Wide Web 
Consortium; anyone who offers software with XML in the name which is 
deliberately non-conformant to the specification is putting themselves 
in a very shaky position both legally and technically.   I am not 
speaking for the W3C but if Java continues in this misguided direction I 
will pro-actively start taking measures to protect the integrity of the 
term "XML" via the W3C and public advocacy.

On a technical front, and speaking as the author of the first-ever XML 
Parser in the Java language (non-validating), which had a bytecode 
footprint of less than 50k, I found that the code footprint caused by 
parsing the DTD was negligable.  Now, external entity processing is 
expensive, but there is no requirement to do that.   There is no 
requirement to fetch/process the external subset. Processing the 
internal subset does create an opening to the "billion laughs" DOS 
attack, but it would be perfectly reasonable to implement self-defense 
against that with a simple limit on the size of the internal entity 
stack, which would cost about one line of code.

On the larger front, XML has succeeded quite remarkably in providing 
interoperability to a degree not observed in other data interchange 
facilities.  There are indeed many programmers who read the XML spec or 
one of the 30 shelf-feet of books now on sale explaining it, and bash 
out software, and use MSIE or expat or something to sanity-check it, and 
send it out into the world.  If J2ME advertises a nonstandard subset as 
"XML", this is a recipe for an interoperability disaster.

Tim Bray
  - co-editor, XML 1.0
  - co-editor, Namespaces in XML
  - member, W3C Technical Advisory Group


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS