Is Saxon susceptible to XXE attacks? - saxon

When we load an XML file to then make XPath 2.0 queries on it, will an XXE file in the XML be processed?
And if so, is there any way to turn that off?

XXE is an XML parser vulnerability, and Saxon does not do XML parsing itself; it invokes whatever parser you configure it to use (there are defaults, of course). You have full control over what XML parser Saxon uses and how that parser is configured. Details depend on what platform and API you are using.
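One way to apply the answer above on Java, as an added example that is not part of the original answer or Saxon's own code: it hands Saxon's s9api a SAX parser configured to reject DOCTYPE declarations and external entities, then runs an XPath 2.0 query on the result. It assumes Saxon is on the classpath and that the JAXP parser is Xerces-derived (as in the JDK), so it accepts these feature URIs; the class name and both sample documents are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import net.sf.saxon.s9api.DocumentBuilder;
import net.sf.saxon.s9api.Processor;
import net.sf.saxon.s9api.SaxonApiException;
import net.sf.saxon.s9api.XdmNode;
import net.sf.saxon.s9api.XdmValue;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;

public class HardenedSaxonLoad {  // hypothetical class name

    // Parser that refuses any DOCTYPE and never resolves external entities or DTDs.
    // setFeature throws if the underlying parser does not recognise a feature URI,
    // so an unsupported parser fails at configuration time rather than silently.
    static XMLReader hardenedReader() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return f.newSAXParser().getXMLReader();
    }

    // Saxon builds its tree from the SAXSource, so it uses our reader, not a default one.
    static XdmNode load(Processor proc, String xml) throws Exception {
        DocumentBuilder builder = proc.newDocumentBuilder();
        InputSource in = new InputSource(new StringReader(xml));
        return builder.build(new SAXSource(hardenedReader(), in));
    }

    public static void main(String[] args) throws Exception {
        Processor proc = new Processor(false);

        // Constructed sample: an ordinary document loads and can be queried.
        XdmNode doc = load(proc, "<order><item>1</item><item>2</item></order>");
        XdmValue count = proc.newXPathCompiler().evaluate("count(/order/item)", doc);
        System.out.println("items: " + count);

        // Constructed sample: a document carrying a DOCTYPE with an external entity
        // (placeholder system id). The hardened parser must refuse it outright.
        String withDoctype = "<!DOCTYPE order [<!ENTITY e SYSTEM \"file:///placeholder\">]>"
                + "<order>&e;</order>";
        try {
            load(proc, withDoctype);
            System.out.println("DOCTYPE accepted: parser is NOT hardened");
        } catch (SaxonApiException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Any code path that lets Saxon open the file itself (for example a `StreamSource`, or `doc()` called from a query) falls back to the configured default parser, so the same restrictions have to be applied there too.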

Related

document language meta not included by default

I'm playing with Apache Tika (1.13) and noticed that the language tag is not included for any of the documents that I run through tika-app --metadata.
What is the proper way to include/force language detection for all documents? Is it possible to do through configuration, or maybe I have to add a new parser adding this metadata, or override an existing parser in the chain?
Thanks!

Puppet: Is there any way to parse XML in puppet template file

I am now using JSON data to fill my Puppet templates. I want to know whether there is any way to parse XML inside a Puppet template.
Also, there is an additional issue. I am using external facts to take data from the agent to the master. Basically, what I am doing is taking my data as a string and parsing it to JSON inside my template. I want to parse my string into XML (I will send data in the correct format).
Regards,
Malintha
Puppet has no native XML support.
As for the eRuby templates - those appear to require external libraries to deserialize XML.

Parsing XSD using Xerces

I need to parse a generic XSD and create sample XMLs conforming to the XSD. I am using Xerces for Java.
Does Xerces provide support for parsing XSD, or do I have to parse it as regular XML? If there's support in Xerces, how do I do it?
Also, could someone point to a way/technique by which I can create all possible XMLs conforming to an XSD?
If possible, please share a code link or code snippet.
Thanks.
I am not sure which programming language you want to use, but assuming Java, you can use XSOM or JaxMe to parse XSDs. You can extract the schema information and then generate the XMLs based on the parsed metadata. Or check whether XIG: Xml Instance Generator meets your requirement.

How to upgrade an MSXML Document from version 1 to version 6?

My application uses MSXML version 1 (MSXML.DOMDocument) to store user documents in XML format.
I want to upgrade to MSXML6 (Msxml2.DOMDocument.6.0). The problem is that old documents are not always readable with the new version.
The cause of this is that the old MSXML parser does not correctly encode non-Latin characters as UTF-8, and the new parser refuses to load these documents.
My question - how can I read / convert my customers' existing files to be readable in MSXML6?
It is really a good idea to fix those old XML files with the correct encoding. In fact, a W3C-conformant XML parser is expected to choke when handling this kind of XML file.
As far as I know, MSXML does not provide functionality to fix the encoding of old XML files.
To fix the encoding, you can do it manually with Notepad++ (choose the actual encoding, and then convert to UTF-8), or convert programmatically if you are sure of the original encoding, e.g. ANSI in your case. There should be various code samples on the internet.

XML Data into String in blackberry

Read the contents of a local XML file in an application and get the whole contents of the XML file into a string for a BlackBerry application?
To create a string from a local file see this blackberry forum entry: Open txt file from mediacard
Assuming you want to use the data within the XML, I would recommend using a XML parser rather than string manipulation. The following links should get you going with XML parsers and explain some of the trade-offs:
Blackberry How To - Use the XML Parser
Parsing XML in J2ME
Add XML parsing to your J2ME applications
If, however, you have any say about the format used JSON might be a good alternative. JSON is easy for machines to parse (thus using fewer resources) and it's human readable.
I have found using a SAXParser and subclassing DefaultHandler has worked well. Allows to go element by element.
