Closed thibaultduponchelle closed 1 year ago
@gregoa
This PR now contains #69 (+ some more doc updates) and extends to validation.
Concerning validation, the behavior is aligned to xmllint
where --valid
is activating the load of external DTD.
According to me, this is the right way.
Having changed the defaults for security concerns is good but introduced some traps and breaking changes (since people are relying on default values that have changed, and I propose to set them implicitly in some cases, implicitly... but not behind users back!).
If you still hesitate, xmllint
is aligned to this:
--dtdattr
is doing --loaddtd
+ --dtdattr
--valid
is doing --valid
+ --loaddtd
Hello @Grinnz
@shlomif advised to include you in this discussion, could you kindly please bring your expertise on this change?
Thank you a lot in advance 👍🏼 😃
Sorry, I don't know anything about DTD validation or what is appropriate in configuration
Reopen #47