Skip to content

Don't load remote DTDs by default (was SI-7726) #135

Closed
@SethTisue

Description

@SethTisue

wrote @acruise,

A lot of people have trouble with parsing documents whose DTDs are unavailable or intentionally served by slow servers (e.g. http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic/) – we should update the "obvious" parsing entry points so they'll avoid loading DTDs by default.
Ordinarily it would be user-friendly to deprecate an existing method and create a new one, but while there's one primary entry point (XMLLoader#loadXML), there are two sets of overloads (three loadFile and five load) and another loadString to contend with.
Personally, in this case I might be tempted to just flipping the default around completely to non-DTD, and make people use a custom SAXParser if they actually want validation. In one sense this is a non-disruptive change, since things that once failed will no longer fail, but of course in another sense it's the worst kind of change, since anyone who was relying on our default parser to do their DTD validation will now have a river of sludge flowing into their app.

original JIRA issue: https://issues.scala-lang.org/browse/SI-7726

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions