Should schemas fetched via an HTTP redirect be trusted?

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

From: "Costello, Roger L." <costello@m...>
To: "xml-dev@l..." <xml-dev@l...>
Date: Mon, 29 Jun 2015 18:37:23 +0000

Hi Folks,

Thank you Liam for the excellent explanation.

Consider this scenario:

An XML Schema contains this xs:import element:

	<xs:import schemaLocation="http://www.example.com/book.xsd" />

At validation time the XML schema validator dereferences the URL in schemaLocation.

The web server at http://www.example.com returns an HTTP redirect (status code = 307) to this URL: http://www.elsewhere.com/book.xsd 

The HTTP layer that lies under, and is used by, the schema validator receives the redirect status code and then fetches the schema at http://www.elsewhere.com/book.xsd 

Should that fetched schema be trusted?

How do I know if the schema validator is actually using the right schemas?

Should schema validation ever be done using schemas that are not local?

/Roger

Follow-Ups:
- Re: Should schemas fetched via an HTTP redirect be trusted?
  - From: David Carlisle <d.p.carlisle@g...>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >