OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] Should schemas fetched via an HTTP redirect be trusted?

On 29 June 2015 at 19:37, Costello, Roger L. <costello@mitre.org> wrote:
> Hi Folks,

> Should schema validation ever be done using schemas that are not local?
> /Roger

There isn't really any notion of local, you can only specify a
(possibly relative) URI.

Whether you have a relative or absolute URI it still (in most
frameworks) passes through
a configurable URI resolver that can return anything it wants for any URI.

At some point you have to trust something.

And why pick on schema validation for this question?
the XML document that you are validating has in many cases come from a similar
URI resolution process, so if you don't trust your URI resolver you
are validating
unknown input with an unknown schema.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS