When we set option complete_attributes or validation, it will also enable load_ext_dtd + doc updates

shlomif / perl-XML-LibXML

The XML-LibXML CPAN Distribution for Processing XML using the libxml2 library

https://metacpan.org/release/XML-LibXML

Other

17 stars 35 forks source link

When we set option complete_attributes or validation, it will also enable load_ext_dtd + doc updates #70

Closed thibaultduponchelle closed 1 year ago

thibaultduponchelle commented 2 years ago

Reopen #47

thibaultduponchelle commented 2 years ago

@gregoa

thibaultduponchelle commented 2 years ago

This PR now contains #69 (+ some more doc updates) and extends to validation.

Concerning validation, the behavior is aligned to xmllint where --valid is activating the load of external DTD.

thibaultduponchelle commented 2 years ago

According to me, this is the right way.

Having changed the defaults for security concerns is good but introduced some traps and breaking changes (since people are relying on default values that have changed, and I propose to set them implicitly in some cases, implicitly... but not behind users back!).

If you still hesitate, xmllint is aligned to this:

--dtdattr is doing --loaddtd + --dtdattr
--valid is doing --valid + --loaddtd

thibaultduponchelle commented 2 years ago

Hello @Grinnz

@shlomif advised to include you in this discussion, could you kindly please bring your expertise on this change?

Thank you a lot in advance 👍🏼 😃

Grinnz commented 2 years ago

Sorry, I don't know anything about DTD validation or what is appropriate in configuration