XML 验证不验证功能
XML Validation does not validate features
我想根据外部 XSD 描述验证 XML 文件。这是从我的 XSD
创建的 Schema
对象
private static Schema xmlSchema;
try {
SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
String FEATURE= "";
// forbid DOCTYPE
FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
factory.setFeature(FEATURE, true);
xmlSchema = factory.newSchema(new File(XML_XSD_SCHEME));
} catch (Exception e) {
}
此外,我创建了 validateXMLSchema
静态方法,它负责验证 XML 个文件:
public static boolean validateXMLSchema(String xmlPath) {
if (xmlSchema == null) {
return false;
}
InputStream inputStream = null;
try {
URL xmlFileURL = new File(xmlPath).toURI().toURL();
inputStream = xmlFileURL.openStream();
SAXSource saxSource = new SAXSource(new InputSource(inputStream));
Validator validator = xmlSchema.newValidator();
String FEATURE ="";
// disallow DOCTYPE
FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
validator.setFeature(FEATURE, true);
//forbid external Entity
FEATURE ="http://xml.org/sax/features/external-general-entities";
validator.setFeature(FEATURE, false);
//forbid external parameters
FEATURE ="http://xml.org/sax/features/external-parameter-entities";
validator.setFeature(FEATURE, false);
validator.validate(saxSource);
} catch (Exception e) {
return false;
} finally {
try {
inputStream.close();
} catch (IOException e) {
}
}
return true;
}
问题是,即使我在 XML 文件 <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY......
中添加了外部实体定义,
validateXMLSchema
方法 returns true
。
谁能帮帮我?
我猜您希望将这些功能应用于读取 XML 文档的 SAX 解析器。尝试创建一个新的 XMLReader
并在将 SAXSource
传递给 Validator
之前显式配置它:
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setNamespaceAware(true);
XMLReader reader = spf.newSAXParser().getXMLReader();
String FEATURE ="";
// disallow DOCTYPE
FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
reader.setFeature(FEATURE, true);
//forbid external Entity
FEATURE ="http://xml.org/sax/features/external-general-entities";
reader.setFeature(FEATURE, false);
//forbid external parameters
FEATURE ="http://xml.org/sax/features/external-parameter-entities";
reader.setFeature(FEATURE, false);
SAXSource saxSource = new SAXSource(reader, new InputSource(inputStream));
Validator validator = xmlSchema.newValidator();
validator.validate(saxSource);
我想根据外部 XSD 描述验证 XML 文件。这是从我的 XSD
创建的Schema
对象
private static Schema xmlSchema;
try {
SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
String FEATURE= "";
// forbid DOCTYPE
FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
factory.setFeature(FEATURE, true);
xmlSchema = factory.newSchema(new File(XML_XSD_SCHEME));
} catch (Exception e) {
}
此外,我创建了 validateXMLSchema
静态方法,它负责验证 XML 个文件:
public static boolean validateXMLSchema(String xmlPath) {
if (xmlSchema == null) {
return false;
}
InputStream inputStream = null;
try {
URL xmlFileURL = new File(xmlPath).toURI().toURL();
inputStream = xmlFileURL.openStream();
SAXSource saxSource = new SAXSource(new InputSource(inputStream));
Validator validator = xmlSchema.newValidator();
String FEATURE ="";
// disallow DOCTYPE
FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
validator.setFeature(FEATURE, true);
//forbid external Entity
FEATURE ="http://xml.org/sax/features/external-general-entities";
validator.setFeature(FEATURE, false);
//forbid external parameters
FEATURE ="http://xml.org/sax/features/external-parameter-entities";
validator.setFeature(FEATURE, false);
validator.validate(saxSource);
} catch (Exception e) {
return false;
} finally {
try {
inputStream.close();
} catch (IOException e) {
}
}
return true;
}
问题是,即使我在 XML 文件 <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY......
中添加了外部实体定义,
validateXMLSchema
方法 returns true
。
谁能帮帮我?
我猜您希望将这些功能应用于读取 XML 文档的 SAX 解析器。尝试创建一个新的 XMLReader
并在将 SAXSource
传递给 Validator
之前显式配置它:
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setNamespaceAware(true);
XMLReader reader = spf.newSAXParser().getXMLReader();
String FEATURE ="";
// disallow DOCTYPE
FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
reader.setFeature(FEATURE, true);
//forbid external Entity
FEATURE ="http://xml.org/sax/features/external-general-entities";
reader.setFeature(FEATURE, false);
//forbid external parameters
FEATURE ="http://xml.org/sax/features/external-parameter-entities";
reader.setFeature(FEATURE, false);
SAXSource saxSource = new SAXSource(reader, new InputSource(inputStream));
Validator validator = xmlSchema.newValidator();
validator.validate(saxSource);