Internal or external parsed entities in the external DTD subset of an SVG content document

[murata2makoto]

Consider this XML document.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE svg SYSTEM "mySvg.dtd">
<svg xmlns="http://www.w3.org/2000/svg" width="100%" height="100%">
    &desc;
    <g alignment-baseline="baseline"></g>
</svg>

If mySvg.dtd contains <!ENTITY desc "<desc></desc>">, then desc is an internal parsed entity defined in an external DTD subset. If mySvg.dtd contains <!ENTITY desc SYSTEM "desc.ent">, then desc is an external parsed entity defined in an external DTD subset.

This document has not been allowed as an SVG content document. The currently proposed text allows it, however. Moreover, an EPUB RS might or might not resolve the entity reference.

I don't think that it is a good idea to allow this as an SVG content document.

[iherman]

Note that, I believe this file would not be accepted by web browsers. I tested the other examples, and they were all considered valid and displayed correctly (I have modified them slightly to produce a visible result) this example is not accepted due to a missing entity.

[murata2makoto]

@iherman

I suppose that you created mySvg.dtd. Even if you do, those non-validating processors which do not fetch external DTD subsets will fail to handle this document. Those which do will not fail. This lack of interoperability is a shame of XML.

[iherman]

I suppose that you created mySvg.dtd.

Yes, I did.

Even if you do, those non-validating processors which do not fetch external DTD subsets will fail to handle this document. Those which do will not fail. This lack of interoperability is a shame of XML.

:-(

However: if web browsers do not do this, this means that no Reading System, unless they develop and keep up-to-date their own rendering engine, will handle that either.

[murata2makoto]

EPUB 3 has disallowed this problematic example. I would like to continue to disallow it.

[iherman]

This issue was discussed in a meeting.

• RESOLVED: Merge PR #1368 to address outstanding DTD issues, and close GH issues 1369-1373

View the transcript

Wendy Reid: we had resolutions at the F2F, and further discussions on github
… and came to a happy place
Matt Garrish: #1368
Matt Garrish: where we ended up was…
… we put in an allowance for a specific set of external identifiers that we have put in an appendix
… we have SVG and MathML that are allowed to be used in content docs or in separate files
… and we made a restriction against external entities in the internal DTD subset
… so it prevents some security issues but eases authoring
… so we’ll no longer force people to remove SVG DTDs from tool-generated files
… I’m hoping this is it :)
Ivan Herman: tech comment
… in fact, the changes are such that
… makes possible something that I’m not sure we really use
… I can define as part of an internal entity something that won’t go out to the network
… I’m not sure if this feature is in use
… formal comment
… there was a formal resolution on the previous version; this PR slightly changes that
… can we get a formal resolution to merge, and also close a bunch of issues which were examples of the problem?
Proposed resolution: Merge PR #1368 to address outstanding DTD issues, and close GH issues 1369-1373 (Wendy Reid)
Garth Conboy: +1
Matt Garrish: +1
Ivan Herman: +1
Charles LaPierre: +1
Matthew Chan: +1
Wendy Reid: +1
Brady Duga: +1
George Kerscher: +1
Laura Brady: +1
Bill Kasdorf: +1
Ben Schroeter: +1
Resolution #1: Merge PR #1368 to address outstanding DTD issues, and close GH issues 1369-1373

[iherman]

@wareid I believe this issue can also be closed