[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Should schemas fetched via an HTTP redirect be trusted?
Hi Folks, Thank you Liam for the excellent explanation. Consider this scenario: An XML Schema contains this xs:import element: <xs:import schemaLocation="http://www.example.com/book.xsd" /> At validation time the XML schema validator dereferences the URL in schemaLocation. The web server at http://www.example.com returns an HTTP redirect (status code = 307) to this URL: http://www.elsewhere.com/book.xsd The HTTP layer that lies under, and is used by, the schema validator receives the redirect status code and then fetches the schema at http://www.elsewhere.com/book.xsd Should that fetched schema be trusted? How do I know if the schema validator is actually using the right schemas? Should schema validation ever be done using schemas that are not local? /Roger
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|