OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Should schemas fetched via an HTTP redirect be trusted?

Hi Folks,

Thank you Liam for the excellent explanation.

Consider this scenario:

An XML Schema contains this xs:import element:

	<xs:import schemaLocation="http://www.example.com/book.xsd"; />

At validation time the XML schema validator dereferences the URL in schemaLocation.

The web server at http://www.example.com returns an HTTP redirect (status code = 307) to this URL: http://www.elsewhere.com/book.xsd 

The HTTP layer that lies under, and is used by, the schema validator receives the redirect status code and then fetches the schema at http://www.elsewhere.com/book.xsd 

Should that fetched schema be trusted?

How do I know if the schema validator is actually using the right schemas?

Should schema validation ever be done using schemas that are not local?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS