[xmlsec] building without DTD validation support in libxml
veillard at redhat.com
Thu May 12 08:49:17 PDT 2005
On Thu, May 12, 2005 at 11:36:54AM -0400, Rich Salz wrote:
> > it's a requirement for an XPath *implementation* . You don't need a DTD
> >to use XPath obviously. You need DTD parsing support to implement a
> >conformant XPath implementation.
> No, that's not my point.
okay, I was surprized...
> The note in 5.2.1 says
> NOTE: If a document does not have a DTD, then no element in the
> document will have a unique ID.
> To me, this means that an XPath implementation cannot require a DTD.
I don't see an implementation requiring something about an instance,
I must be missing something...
> Yes, if the XML documents have DTD's in them, then you have to parse
> them. But if you're working in an environment that says "no DTD's"
> (such as SOAP), then it would be "safe and legal" to #if 0 the DTD part
> of the code.
"an environment that says "no DTD's""
I dislike this kind of deviation. Then what happen if you have a DTD,
of if you happen to reuse that building block for something else...
Classic example in libxml2 terms and using something else to avoid
hurting anyone sensibility:
- processing formating text node is a waste of time
- calling xmlKeepBlanksDefault(0) in the code, since obviously those
text nodes are just annoyance
- plug the code in an Apache module mod_bar
- some time later someone else use mod_foo libxml2 based Apache module
- of course both modules use the same shared library
- ohh libxml2 is not parsing correctly the XML in mod_foo, let's make
a bug report about it.
Disabling the DTD code in libxml2 will gain you 10KB, this may be
worth or not depending on your environment. The time spent debugging
side effects X months later when you happen to reuse the library for
something else must be taken into account.
> I thought this was the kind of thing the original poster
Yes, there is a trade off, and unless he's really doing embedded work
with serious footprint constraints, then in general that will not be worth
it in my opinion.
Daniel Veillard | Red Hat Desktop team http://redhat.com/
veillard at redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
More information about the xmlsec