I am building an API that returns XML response. I have created DTD for the response and it is available on a public URL. The DTD has been shared to intended users in the API documentation that I have created. Is it mandatory to include the DTD reference in the response XML too ? Will XML parsers who are working with the XML response automatically try to validate the response with the DTD ? If specifying the DTD is optional, what are the pros and cons of specifying and skipping it ?
Is it mandatory to specify DTD in XML?
1.5k Views Asked by Jayakrishnan GK At
2
There are 2 best solutions below
0
On
The DTD is only required if you use named entities outside the 5 that are built into XML (& et al).
Some XML parsers will ignore it completely. Some will download it and use it.
Pros:
- The XML can be validated
- The you can use custom named entities in parsers that support it
Cons:
- Additional HTTP requests in parsers that support it
- Custom named entities will break the document in parsers that don't support it
It's not mandated by the XML spec. Whether it's mandated by other specs or rules you wish to (or are obligated to) conform to, only you could say.
If you specify it, some will, because they mistakenly confuse the declarative meaning of the document type declaration (this document is [intended to be] valid against this DTD) with the imperative meaning 'please check this document for validity against this DTD'.
If you don't specify it, it's unlikely that an XML parser will attempt to validate the instance against any DTD, let alone the one you have in mind.
In favor of specifying it: it's helpful information for someone trying to solve a problem involving the XML document(s) in question. It makes it more likely that errors in XML data streams will be caught early.
In favor of omitting it: some brain-dead systems regard validation against DTDs as entailing security risks, and cannot think of any better way to defend against a billion-laughs attack. If those brain-dead systems also cannot distinguish the declarative and the imperative meanings of the document type declaration, they may refuse to process the document. (Of course, since your life will probably be happier if you are able to steer clear of such systems, this argument may be taken in the opposite way: if you specify the DTD, you are less likely to get yourself entangled unawares with such brain-dead systems. Their complaints about the DTD serve as an early warning system, giving you time to run the other way. If you omit the DTD, you may find yourself using systems whose shortcomings will eventually become visible in other ways.)