Bug#702225: xalan: can't transform XHTML files
There are a couple of things happening here. First, the Xalan homepage[1] has the following to say about catalogs - "The Xalan comman[d]-line transformation program does not deploy an OASIS catalog or perform other security measures. URLs are resolved using the system directory of the local machine and DNS to resolve host locations." and also "A future release of the Xalan command-line transformation program may include support for an OASIS entity resolver catalog." So, if the DTDs and XSDs aren't in your system directory, Xalan will fetch them from the network every time they're needed. Second, the W3C actively tries to discourage that kind of program behavior, and have configured their webservers to return errors under certain circumstances in order to try to curb it. [2],[3] In fact, my testing for this bug had results very similar to [3] - I was able to fetch the DTD from my browser or via wget with no problems. But trying to do it from Xerces or Xalan failed consistently. Just to be sure, I then put a copy of the DTDs on one of my servers and updated the xhtml doctype to reference that location instead, and Xalan worked as expected, even with the remote DTDs. So this doesn't appear to be a defect, but rather, a missing feature. As such, I'm switching the severity to "wishlist" [1] https://xalan.apache.org/xalan-c/ [2] http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic/ [3] http://lists.w3.org/Archives/Public/site-comments/2010Nov/0017.html signature.asc Description: Digital signature
Bug#702225: xalan: can't transform XHTML files
On Mon, Jun 17, 2013 at 05:44:13PM +0200, Vincent Lefevre wrote: > On 2013-06-17 11:45:37 +0200, Vincent Lefevre wrote: > > > > I disagree. It could have been seen as a wishlist in the past, but > > since getting the local versions of the DTD's is now *required* in > > practice for some standard formats, this should now be seen as a > > real bug. I understand. > > In case this wasn't clear (after some discussion on identi.ca), the > DTD is installed locally (via its Debian package). If for some reason, > xalan can't find it, there should be some documentation about the > required location. Otherwise the user cannot guess! It wasn't, thanks. I did some additional testing, and a lot of tracing through the Xalan and Xerces code. Based on this, I don't believe that Xalan will use the local copies at all. It seems that a DOCTYPE containing a fully qualified HTTP URL will always be fetched directly from the URL, without checking for local copies. So it's not that Xalan can't find the locally installed DTDs, it's that it doesn't use them at all. Which goes back to the lack of support for catalogs that I referenced in my earlier post. At this point, I think the best course of action is to foward this upstream. signature.asc Description: Digital signature
