author | Michał Górny <mgorny@gentoo.org> | 2022-10-07 22:22:22 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2022-10-14 17:34:59 +0200 |
commit | 75261f97e6ea138d53f4b38834082ba4a10e0183 (patch) | |
tree | 2bef0c0d355cc71d5b307963ca937229fd3412ca | |
parent | glep-0074: Clarify the hex encoding of hash values (diff) | |

glep-0068: Clarify and restrict XML data format

Explicitly specify XML 1.0 and link to the specification. Forbid
"external markup declarations" and processing DTDs to secure against
common XML attacks.

Signed-off-by: Michał Górny <mgorny@gentoo.org>

-rw-r--r-- | glep-0068.rst | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/glep-0068.rst b/glep-0068.rst index 78ac7ea..a2bee64 100644 --- a/glep-0068.rst +++ b/glep-0068.rst @@ -4,10 +4,10 @@ Title: Package and category metadata Author: Michał Górny <mgorny@gentoo.org> Type: Standards Track Status: Final -Version: 1.2 +Version: 1.3 Created: 2016-03-14 -Last-Modified: 2022-05-22 -Post-History: 2016-03-16, 2018-02-20, 2022-05-22 +Last-Modified: 2022-10-14 +Post-History: 2016-03-16, 2018-02-20, 2022-05-22, 2022-10-07 Content-Type: text/x-rst Requires: 67 Replaces: 34, 46, 56 @@ -59,10 +59,14 @@ Metadata files -------------- This specification provides two kinds of metadata files: category metadata -files and package metadata files. Both kinds of files use XML file format -with structure defined in this GLEP. The XML structure does not use -a namespace and must not contain any elements outside the scope of this -specification. +files and package metadata files. Both kinds of files use the XML 1.0 file +format [#XML10]_. They must not use external markup declarations, as defined +in the XML specification. While they may reference or include a DTD, the parser +must not fetch or process it. + +The data structure of metadata files is defined in this GLEP. The elements +and attributes do not use namespaces. Conforming files must not contain +any elements or attributes that are not defined in this specification. Category metadata files are named ``metadata.xml`` and located inside category directories in an ebuild repository. Their structure is described @@ -516,6 +520,9 @@ References .. [#METADATA-DTD] The original metadata.dtd file https://gitweb.gentoo.org/data/dtd.git/tree/metadata.dtd?id=a908a93b5afe295359e0a01814c9bef8b5268bcd +.. [#XML10] Extensible Markup Language (XML) 1.0 (Fifth Edition) + https://www.w3.org/TR/xml/ + .. [#BCP-47] BCP 47: "Tags for identifying languages", https://tools.ietf.org/rfc/bcp/bcp47.txt |
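
Review bot: In the "Metadata files" hunk (@@ -59,10 +59,14 @@), the two added sentences "They must not use external markup declarations" and "While they may reference or include a DTD, the parser must not fetch or process it" are in tension: under the XML 1.0 definition, declarations in an external DTD subset are external markup declarations, so a file that references a DTD arguably already uses them. Suggest splitting this into a requirement on the file (it must be fully interpretable without any DTD) and a separate requirement on the parser (any document type declaration is ignored). The text also leaves open what happens when a file references an entity that is declared only in an included DTD, since the parser must not process those declarations; state whether such a file is non-conforming.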
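
Review bot: In the References hunk (@@ -516,6 +520,9 @@), the new [#XML10] entry names the Fifth Edition but links to https://www.w3.org/TR/xml/, which is the undated latest-version address and would follow any later edition. Consider linking the dated Fifth Edition URL (https://www.w3.org/TR/2008/REC-xml-20081126/) so the reference stays pinned to the edition named in its title, the same way the [#METADATA-DTD] entry above it pins a specific commit id.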