[xmlsec] building without DTD validation support in libxml

Daniel Veillard veillard at redhat.com
Thu May 12 08:49:17 PDT 2005

On Thu, May 12, 2005 at 11:36:54AM -0400, Rich Salz wrote:
> >  it's a requirement for an XPath *implementation* . You don't need a DTD
> >to use XPath obviously. You need DTD parsing support to implement a
> >conformant XPath implementation.
> No, that's not my point.

  okay, I was surprized...

> The note in 5.2.1 says
> 	NOTE:  If a document does not have a DTD, then no element in the
> 	document will have a unique ID.
> To me, this means that an XPath implementation cannot require a DTD. 

 I don't see an implementation requiring something about an instance,
 I must be missing something...

> Yes, if the XML documents have DTD's in them, then you have to parse 
> them.  But if you're working in an environment that says "no DTD's" 
> (such as SOAP), then it would be "safe and legal" to #if 0 the DTD part 
> of the code.

  "an environment that says "no DTD's"" 
I dislike this kind of deviation. Then what happen if you have a DTD,
of if you happen to reuse that building block for something else...

Classic example in libxml2 terms and using something else to avoid
hurting anyone sensibility:
   - processing formating text node is a waste of time
   - calling xmlKeepBlanksDefault(0) in the code, since obviously those
     text nodes are just annoyance
   - plug the code in an Apache module mod_bar
   - some time later someone else use mod_foo libxml2 based Apache module
   - of course both modules use the same shared library
   - ohh libxml2 is not parsing correctly the XML in mod_foo, let's make
     a bug report about it.

 Disabling the DTD code in libxml2 will gain you 10KB, this may be 
worth or not depending on your environment. The time spent debugging 
side effects X months later when you happen to reuse the library for
something else must be taken into account.

> I thought this was the kind of thing the original poster 
> wanted.

  Yes, there is a trade off, and unless he's really doing embedded work
with serious footprint constraints, then in general that will not be worth
it in my opinion.


Daniel Veillard      | Red Hat Desktop team http://redhat.com/
veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

More information about the xmlsec mailing list