search

struts-community-plugins / struts2-jquery

Struts2 jQuery Plugin
Apache License 2.0
83 stars 49 forks source link

Update struts2 DTD to 6.0 #339

Closed nikosdimitrakas closed 1 year ago

nikosdimitrakas commented 1 year ago

The DOCTYPE definition in all struts-plugin.xml seems to not have been updated to the new one. According to Struts 2 migration, the old DTD

<!DOCTYPE struts PUBLIC
        "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
        "http://struts.apache.org/dtds/struts-2.5.dtd">

should be changed to 

<!DOCTYPE struts PUBLIC
        "-//Apache Software Foundation//DTD Struts Configuration 6.0//EN"
        "https://struts.apache.org/dtds/struts-6.0.dtd">

for any version 6.x

Since the version compatibility at https://github.com/struts-community-plugins/struts2-jquery says that versions 5.x are compatible with struts2 v6.x, the DTD:s should be updated.

lukaszlenart commented 1 year ago

Does it cause any issues? A new DTD is needed when using a new functionality like <bean-selection/>, in other case is not needed.

nikosdimitrakas commented 1 year ago

We have not seen any issues. I just thought it should be fixed to be harmonious across all struts components and plugins.

lukaszlenart commented 1 year ago

It's not needed, all the DTDs are already embedded and supported https://github.com/apache/struts/blob/master/core/src/main/java/org/apache/struts2/config/StrutsXmlConfigurationProvider.java#L84-L90

nikosdimitrakas commented 1 year ago

Even if it is not needed, when we develop with struts and some plugins, it feels safer when all of them have the same DTD version. It gives a sense of security to know that they are not mixed, which indicates that the selected versions are compatible with each other. Otherwise, one may start wondering if the maven versions of the different parts are incompatible. Is there some backward compatibility issue that makes you want to keep the plugin to the old DTD version?

lukaszlenart commented 1 year ago

There is no security issue at all, DTDs are used to validate XML structure which must be aligned to a given version of DTD. You can compare this to class inheritance and where a child class extends a parent class - yet this isn't possible with DTDs (inheritance), so we use such trick (btw. this is a common practise among any other library which supports multiple DTD versions).

Anyway, I see your point and we will upgrade DTDs and probably remove some older one.