1<!-- 2 __ __ _ 3 ___\ \/ /_ __ __ _| |_ 4 / _ \\ /| '_ \ / _` | __| 5 | __// \| |_) | (_| | |_ 6 \___/_/\_\ .__/ \__,_|\__| 7 |_| XML parser 8 9 Copyright (c) 2001 Scott Bronson <bronson@rinspin.com> 10 Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net> 11 Copyright (c) 2009 Karl Waclawek <karl@waclawek.net> 12 Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org> 13 Copyright (c) 2016 Ardo van Rangelrooij <ardo@debian.org> 14 Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk> 15 Copyright (c) 2020 Joe Orton <jorton@redhat.com> 16 Copyright (c) 2021 Tim Bray <tbray@textuality.com> 17 Unlike most of Expat, 18 this file is copyrighted under the GNU Free Documentation License 1.1. 19--> 20<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 21 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ 22 <!ENTITY dhfirstname "<firstname>Scott</firstname>"> 23 <!ENTITY dhsurname "<surname>Bronson</surname>"> 24 <!ENTITY dhdate "<date>September 24, 2025</date>"> 25 <!-- Please adjust this^^ date whenever cutting a new release. --> 26 <!ENTITY dhsection "<manvolnum>1</manvolnum>"> 27 <!ENTITY dhemail "<email>bronson@rinspin.com</email>"> 28 <!ENTITY dhusername "Scott Bronson"> 29 <!ENTITY dhucpackage "<refentrytitle>XMLWF</refentrytitle>"> 30 <!ENTITY dhpackage "xmlwf"> 31 32 <!ENTITY debian "<productname>Debian GNU/Linux</productname>"> 33 <!ENTITY gnu "<acronym>GNU</acronym>"> 34]> 35 36<refentry> 37 <refentryinfo> 38 <address> 39 &dhemail; 40 </address> 41 <author> 42 &dhfirstname; 43 &dhsurname; 44 </author> 45 <copyright> 46 <year>2001</year> 47 <holder>&dhusername;</holder> 48 </copyright> 49 &dhdate; 50 </refentryinfo> 51 <refmeta> 52 &dhucpackage; 53 54 &dhsection; 55 </refmeta> 56 <refnamediv> 57 <refname>&dhpackage;</refname> 58 59 <refpurpose>Determines if an XML document is well-formed</refpurpose> 60 </refnamediv> 61 <refsynopsisdiv> 62 <cmdsynopsis> 63 <command>&dhpackage;</command> 64 <arg><replaceable>OPTIONS</replaceable></arg> 65 <arg><replaceable>FILE</replaceable> ...</arg> 66 </cmdsynopsis> 67 <cmdsynopsis> 68 <command>&dhpackage;</command> 69 <group choice="plain"> 70 <arg><option>-h</option></arg> 71 <arg><option>--help</option></arg> 72 </group> 73 </cmdsynopsis> 74 <cmdsynopsis> 75 <command>&dhpackage;</command> 76 <group choice="plain"> 77 <arg><option>-v</option></arg> 78 <arg><option>--version</option></arg> 79 </group> 80 </cmdsynopsis> 81 </refsynopsisdiv> 82 83 <refsect1> 84 <title>DESCRIPTION</title> 85 86 <para> 87 <command>&dhpackage;</command> uses the Expat library to 88 determine if an XML document is well-formed. It is 89 non-validating. 90 </para> 91 92 <para> 93 If you do not specify any files on the command-line, and you 94 have a recent version of <command>&dhpackage;</command>, the 95 input file will be read from standard input. 96 </para> 97 98 </refsect1> 99 100 <refsect1> 101 <title>WELL-FORMED DOCUMENTS</title> 102 103 <para> 104 A well-formed document must adhere to the 105 following rules: 106 </para> 107 108 <itemizedlist> 109 <listitem><para> 110 The file begins with an XML declaration. For instance, 111 <literal><?xml version="1.0" standalone="yes"?></literal>. 112 <emphasis>NOTE</emphasis>: 113 <command>&dhpackage;</command> does not currently 114 check for a valid XML declaration. 115 </para></listitem> 116 <listitem><para> 117 Every start tag is either empty (<tag/>) 118 or has a corresponding end tag. 119 </para></listitem> 120 <listitem><para> 121 There is exactly one root element. This element must contain 122 all other elements in the document. Only comments, white 123 space, and processing instructions may come after the close 124 of the root element. 125 </para></listitem> 126 <listitem><para> 127 All elements nest properly. 128 </para></listitem> 129 <listitem><para> 130 All attribute values are enclosed in quotes (either single 131 or double). 132 </para></listitem> 133 </itemizedlist> 134 135 <para> 136 If the document has a DTD, and it strictly complies with that 137 DTD, then the document is also considered <emphasis>valid</emphasis>. 138 <command>&dhpackage;</command> is a non-validating parser -- 139 it does not check the DTD. However, it does support 140 external entities (see the <option>-x</option> option). 141 </para> 142 </refsect1> 143 144 <refsect1> 145 <title>OPTIONS</title> 146 147<para> 148When an option includes an argument, you may specify the argument either 149separately ("<option>-d</option> <replaceable>output</replaceable>") or concatenated with the 150option ("<option>-d</option><replaceable>output</replaceable>"). <command>&dhpackage;</command> 151supports both. 152</para> 153 154 <variablelist> 155 156 <varlistentry> 157 <term><option>-a</option> <replaceable>factor</replaceable></term> 158 <listitem> 159 <para> 160 Sets the maximum tolerated amplification factor 161 for protection against amplification attacks 162 like the billion laughs attack 163 (default: 100.0 164 for the sum of direct and indirect output and also 165 for allocations of dynamic memory). 166 The amplification factor is calculated as .. 167 </para> 168 <literallayout> 169 amplification := (direct + indirect) / direct 170 </literallayout> 171 <para> 172 .. with regard to use of entities and .. 173 </para> 174 <literallayout> 175 amplification := allocated / direct 176 </literallayout> 177 <para> 178 .. with regard to dynamic memory while parsing. 179 <direct> is the number of bytes read 180 from the primary document in parsing, 181 <indirect> is the number of bytes 182 added by expanding entities and reading of external DTD files, 183 combined, and 184 <allocated> is the total number of bytes of dynamic memory 185 allocated (and not freed) per hierarchy of parsers. 186 </para> 187 <para> 188 <emphasis>NOTE</emphasis>: 189 If you ever need to increase this value for non-attack payload, 190 please file a bug report. 191 </para> 192 </listitem> 193 </varlistentry> 194 195 <varlistentry> 196 <term><option>-b</option> <replaceable>bytes</replaceable></term> 197 <listitem> 198 <para> 199 Sets the number of output bytes (including amplification) 200 needed to activate protection against amplification attacks 201 like billion laughs 202 (default: 8 MiB for the sum of direct and indirect output, 203 and 64 MiB for allocations of dynamic memory). 204 This can be thought of as an "activation threshold". 205 </para> 206 <para> 207 <emphasis>NOTE</emphasis>: 208 If you ever need to increase this value for non-attack payload, 209 please file a bug report. 210 </para> 211 </listitem> 212 </varlistentry> 213 214 <varlistentry> 215 <term><option>-c</option></term> 216 <listitem> 217 <para> 218 If the input file is well-formed and <command>&dhpackage;</command> 219 doesn't encounter any errors, the input file is simply copied to 220 the output directory unchanged. 221 This implies no namespaces (turns off <option>-n</option>) and 222 requires <option>-d</option> to specify an output directory. 223 </para> 224 </listitem> 225 </varlistentry> 226 227 <varlistentry> 228 <term><option>-d</option> <replaceable>output-dir</replaceable></term> 229 <listitem> 230 <para> 231 Specifies a directory to contain transformed 232 representations of the input files. 233 By default, <option>-d</option> outputs a canonical representation 234 (described below). 235 You can select different output formats using <option>-c</option>, 236 <option>-m</option> and <option>-N</option>. 237 </para> 238 <para> 239 The output filenames will 240 be exactly the same as the input filenames or "STDIN" if the input is 241 coming from standard input. Therefore, you must be careful that the 242 output file does not go into the same directory as the input 243 file. Otherwise, <command>&dhpackage;</command> will delete the 244 input file before it generates the output file (just like running 245 <literal>cat < file > file</literal> in most shells). 246 </para> 247 <para> 248 Two structurally equivalent XML documents have a byte-for-byte 249 identical canonical XML representation. 250 Note that ignorable white space is considered significant and 251 is treated equivalently to data. 252 More on canonical XML can be found at 253 http://www.jclark.com/xml/canonxml.html . 254 </para> 255 </listitem> 256 </varlistentry> 257 258 <varlistentry> 259 <term><option>-e</option> <replaceable>encoding</replaceable></term> 260 <listitem> 261 <para> 262 Specifies the character encoding for the document, overriding 263 any document encoding declaration. <command>&dhpackage;</command> 264 supports four built-in encodings: 265 <literal>US-ASCII</literal>, 266 <literal>UTF-8</literal>, 267 <literal>UTF-16</literal>, and 268 <literal>ISO-8859-1</literal>. 269 Also see the <option>-w</option> option. 270 </para> 271 </listitem> 272 </varlistentry> 273 274 <varlistentry> 275 <term><option>-g</option> <replaceable>bytes</replaceable></term> 276 <listitem> 277 <para> 278 Sets the buffer size to request per call pair to 279 <function>XML_GetBuffer</function> and <function>read</function> 280 (default: 8 KiB). 281 </para> 282 </listitem> 283 </varlistentry> 284 285 <varlistentry> 286 <term><option>-h</option></term> 287 <term><option>--help</option></term> 288 <listitem> 289 <para> 290 Prints short usage information on command <command>&dhpackage;</command>, 291 and then exits. 292 Similar to this man page but more concise. 293 </para> 294 </listitem> 295 </varlistentry> 296 297 <varlistentry> 298 <term><option>-k</option></term> 299 <listitem> 300 <para> 301 When processing multiple files, <command>&dhpackage;</command> 302 by default halts after the the first file with an error. 303 This tells <command>&dhpackage;</command> to report the error 304 but to keep processing. 305 This can be useful, for example, when testing a filter that converts 306 many files to XML and you want to quickly find out which conversions 307 failed. 308 </para> 309 </listitem> 310 </varlistentry> 311 312 <varlistentry> 313 <term><option>-m</option></term> 314 <listitem> 315 <para> 316 Outputs some strange sort of XML file that completely 317 describes the input file, including character positions. 318 Requires <option>-d</option> to specify an output file. 319 </para> 320 </listitem> 321 </varlistentry> 322 323 <varlistentry> 324 <term><option>-n</option></term> 325 <listitem> 326 <para> 327 Turns on namespace processing. (describe namespaces) 328 <option>-c</option> disables namespaces. 329 </para> 330 </listitem> 331 </varlistentry> 332 333 <varlistentry> 334 <term><option>-N</option></term> 335 <listitem> 336 <para> 337 Adds a doctype and notation declarations to canonical XML output. 338 This matches the example output used by the formal XML test cases. 339 Requires <option>-d</option> to specify an output file. 340 </para> 341 </listitem> 342 </varlistentry> 343 344 <varlistentry> 345 <term><option>-p</option></term> 346 <listitem> 347 <para> 348 Tells <command>&dhpackage;</command> to process external DTDs and parameter 349 entities. 350 </para> 351 <para> 352 Normally <command>&dhpackage;</command> never parses parameter 353 entities. <option>-p</option> tells it to always parse them. 354 <option>-p</option> implies <option>-x</option>. 355 </para> 356 </listitem> 357 </varlistentry> 358 359 <varlistentry> 360 <term><option>-q</option></term> 361 <listitem> 362 <para> 363 Disable reparse deferral, and allow quadratic parse runtime 364 on large tokens (default: reparse deferral enabled). 365 </para> 366 </listitem> 367 </varlistentry> 368 369 <varlistentry> 370 <term><option>-r</option></term> 371 <listitem> 372 <para> 373 Normally <command>&dhpackage;</command> memory-maps the XML file 374 before parsing; this can result in faster parsing on many 375 platforms. 376 <option>-r</option> turns off memory-mapping and uses normal file 377 IO calls instead. 378 Of course, memory-mapping is automatically turned off 379 when reading from standard input. 380 </para> 381 <para> 382 Use of memory-mapping can cause some platforms to report 383 substantially higher memory usage for 384 <command>&dhpackage;</command>, but this appears to be a matter of 385 the operating system reporting memory in a strange way; there is 386 not a leak in <command>&dhpackage;</command>. 387 </para> 388 </listitem> 389 </varlistentry> 390 391 <varlistentry> 392 <term><option>-s</option></term> 393 <listitem> 394 <para> 395 Prints an error if the document is not standalone. 396 A document is standalone if it has no external subset and no 397 references to parameter entities. 398 </para> 399 </listitem> 400 </varlistentry> 401 402 <varlistentry> 403 <term><option>-t</option></term> 404 <listitem> 405 <para> 406 Turns on timings. This tells Expat to parse the entire file, 407 but not perform any processing. 408 This gives a fairly accurate idea of the raw speed of Expat itself 409 without client overhead. 410 <option>-t</option> turns off most of the output options 411 (<option>-d</option>, <option>-m</option>, <option>-c</option>, ...). 412 </para> 413 </listitem> 414 </varlistentry> 415 416 <varlistentry> 417 <term><option>-v</option></term> 418 <term><option>--version</option></term> 419 <listitem> 420 <para> 421 Prints the version of the Expat library being used, including some 422 information on the compile-time configuration of the library, and 423 then exits. 424 </para> 425 </listitem> 426 </varlistentry> 427 428 <varlistentry> 429 <term><option>-w</option></term> 430 <listitem> 431 <para> 432 Enables support for Windows code pages. 433 Normally, <command>&dhpackage;</command> will throw an error if it 434 runs across an encoding that it is not equipped to handle itself. With 435 <option>-w</option>, <command>&dhpackage;</command> will try to use a Windows code 436 page. See also <option>-e</option>. 437 </para> 438 </listitem> 439 </varlistentry> 440 441 <varlistentry> 442 <term><option>-x</option></term> 443 <listitem> 444 <para> 445 Turns on parsing external entities. 446 </para> 447<para> 448 Non-validating parsers are not required to resolve external 449 entities, or even expand entities at all. 450 Expat always expands internal entities (?), 451 but external entity parsing must be enabled explicitly. 452 </para> 453 <para> 454 External entities are simply entities that obtain their 455 data from outside the XML file currently being parsed. 456 </para> 457 <para> 458 This is an example of an internal entity: 459<literallayout> 460<!ENTITY vers '1.0.2'> 461</literallayout> 462 </para> 463 <para> 464 And here are some examples of external entities: 465 466<literallayout> 467<!ENTITY header SYSTEM "header-&vers;.xml"> (parsed) 468<!ENTITY logo SYSTEM "logo.png" PNG> (unparsed) 469</literallayout> 470 471 </para> 472 </listitem> 473 </varlistentry> 474 475 <varlistentry> 476 <term><option>--</option></term> 477 <listitem> 478 <para> 479 (Two hyphens.) 480 Terminates the list of options. This is only needed if a filename 481 starts with a hyphen. For example: 482 </para> 483<literallayout> 484&dhpackage; -- -myfile.xml 485</literallayout> 486 <para> 487 will run <command>&dhpackage;</command> on the file 488 <filename>-myfile.xml</filename>. 489 </para> 490 </listitem> 491 </varlistentry> 492 </variablelist> 493 494 <para> 495 Older versions of <command>&dhpackage;</command> do not support 496 reading from standard input. 497 </para> 498 </refsect1> 499 500 <refsect1> 501 <title>OUTPUT</title> 502 <para> 503 <command>&dhpackage;</command> outputs nothing for files which are problem-free. 504 If any input file is not well-formed, or if the output for any 505 input file cannot be opened, <command>&dhpackage;</command> prints a single 506 line describing the problem to standard output. 507 </para> 508 <para> 509 If the <option>-k</option> option is not provided, <command>&dhpackage;</command> 510 halts upon encountering a well-formedness or output-file error. 511 If <option>-k</option> is provided, <command>&dhpackage;</command> continues 512 processing the remaining input files, describing problems found with any of them. 513 </para> 514 </refsect1> 515 516 <refsect1> 517 <title>EXIT STATUS</title> 518 <para>For options <option>-v</option>|<option>--version</option> or <option>-h</option>|<option>--help</option>, <command>&dhpackage;</command> always exits with status code 0. For other cases, the following exit status codes are returned: 519 <variablelist> 520 <varlistentry> 521 <term><option>0</option></term> 522 <listitem><para>The input files are well-formed and the output (if requested) was written successfully.</para> 523 </listitem> 524 </varlistentry> 525 <varlistentry> 526 <term><option>1</option></term> 527 <listitem><para>An internal error occurred.</para> 528 </listitem> 529 </varlistentry> 530 <varlistentry> 531 <term><option>2</option></term> 532 <listitem><para>One or more input files were not well-formed or could not be parsed.</para> 533 </listitem> 534 </varlistentry> 535 <varlistentry> 536 <term><option>3</option></term> 537 <listitem><para>If using the <option>-d</option> option, an error occurred opening an output file.</para> 538 </listitem> 539 </varlistentry> 540 <varlistentry> 541 <term><option>4</option></term> 542 <listitem><para>There was a command-line argument error in how <command>&dhpackage;</command> was invoked.</para> 543 </listitem> 544 </varlistentry> 545 </variablelist> 546 </para> 547 </refsect1> 548 549 550 <refsect1> 551 <title>BUGS</title> 552 <para> 553 The errors should go to standard error, not standard output. 554 </para> 555 <para> 556 There should be a way to get <option>-d</option> to send its 557 output to standard output rather than forcing the user to send 558 it to a file. 559 </para> 560 <para> 561 I have no idea why anyone would want to use the 562 <option>-d</option>, <option>-c</option>, and 563 <option>-m</option> options. If someone could explain it to 564 me, I'd like to add this information to this manpage. 565 </para> 566 </refsect1> 567 568 <refsect1> 569 <title>SEE ALSO</title> 570 <para> 571 572<literallayout> 573The Expat home page: https://libexpat.github.io/ 574The W3 XML 1.0 specification (fourth edition): https://www.w3.org/TR/2006/REC-xml-20060816/ 575Billion laughs attack: https://en.wikipedia.org/wiki/Billion_laughs_attack 576</literallayout> 577 578 </para> 579 </refsect1> 580 581 <refsect1> 582 <title>AUTHOR</title> 583 <para> 584 This manual page was originally written by &dhusername; &dhemail; 585 in December 2001 for 586 the &debian; system (but may be used by others). Permission is 587 granted to copy, distribute and/or modify this document under 588 the terms of the <acronym>GNU</acronym> Free Documentation 589 License, Version 1.1. 590 </para> 591 </refsect1> 592</refentry> 593
