XmlReaderSettings.ProhibitDtd and select='document(...

I'm a relative newcomer to xml but I'm delighted in what I've been able
to achieve so far.

I have a transform that merges two documents that provides a simple,
elegant solution to a business problem. The documents now need to
support different language versions - English and German - and the first
set of documents have been returned from the translators. The german
versions contain a variety of entities such as ä

First, can I confirm that such characters are called character entities?

So my first problem: "Reference to undeclared entity auml" when I try to
load the document. I've resolved this by including:

<!DOCTYPE article [
<!ENTITY % HTMLlat1 PUBLIC "-//W3C//ENTITIES Latin 1 for XHTML//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml-lat1.ent">
%HTMLlat1;
]>

in my two documents.

Next I get: "For security reasons DTD is prohibited in this XML document."

Ok, solved that using:

XmlReaderSettings readerSettings = new XmlReaderSettings();
readerSettings.ProhibitDtd = false;

using (XmlReader reader = XmlReader.Create(filePath, readerSettings))
{
document1.Load(reader);
}

This is fine if the subsequent transform doesn't include:

<xsl:value-of select='document($template, .)/......'/>

If I do I get the "DTD is prohibited" exception, but this time it's the
name of the document in $template that is named in the exception.

I'm struggling with this and would appreciate any pointers. So, some
questions:

1. Why are DTDs a security risk?

2. Is there a schema equivalent of <!ENTITY % HTMLlat1 PUBLIC....... ?

3. Are there other ways to convince the XslCompiledTransform class to
process these documents?

Thanks for reading

Martin

Martin wrote:

Quote:

I'm a relative newcomer to xml but I'm delighted in what I've been able
to achieve so far.

I have a transform that merges two documents that provides a simple,
elegant solution to a business problem. The documents now need to
support different language versions - English and German - and the first
set of documents have been returned from the translators. The german
versions contain a variety of entities such as &auml;

First, can I confirm that such characters are called character entities?

&auml; is an entity reference, it references the entity auml that needs
to be declared.

Quote:

So my first problem: "Reference to undeclared entity auml" when I try to
load the document. I've resolved this by including:

!DOCTYPE article [
!ENTITY % HTMLlat1 PUBLIC "-//W3C//ENTITIES Latin 1 for XHTML//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml-lat1.ent"
%HTMLlat1;
]

in my two documents.

Quote:

1. Why are DTDs a security risk?

If you allow anyone to include a DTD the processing of the DTD can slow
your system.

Quote:

2. Is there a schema equivalent of <!ENTITY % HTMLlat1 PUBLIC....... ?

No.

Quote:

3. Are there other ways to convince the XslCompiledTransform class to
process these documents?

I think if you provide an XmlReader with XmlReaderSettings.ProhibitDtd
set to false as the first argument of the Transform method then the
document function too allows a DTD.

--

Martin Honnen --- MVP XML
http://JavaScript.FAQTs.com/