Menu

XMLUnit for Java and XMLUnit.NET 2.6.0 Released

These releases fix a few bugs and introduce smaller new features as
well as a completely new experimental module that aims to provide a
DSL that controls the diff process inside of the control XML document.

Starting with XMLUnit 2.6.0 all XML parsers are configured according
to OWASP recommendations for XML eXternal Entity injection
preventions
- which means you need to override certain settings if you need to
load external entities. This is a change that breaks backwards
compatibility - at least in the Java version. If you've been using
.NET 4.5.2 or above all configurations have been safe by default
anyway.

XXE prevention is not enabled inside of the validation package and
XMLUnit for Java's legacy module.

The full list of changes for XMLUnit for Java:

  • add a new experimental project xmlunit-placeholders which aims to
    use ${xmlunit.FOO} expressions inside of the control document to
    allow for a DSL-like approach of defining more complex tests.
    This initial seed only supports ${xmlunit.ignore} which can be
    used to make XMLUnit ignore the element containing this text.
    PR #105 by
    @zheng-wang.

  • added withDocumentBuilderFactory methods to HasXPathMatcher and
    EvaluateXPathMatcher to allow explicit configuration of the
    DocumentBuilderFactory used.
    Issue #108.

  • the DocmentBuilderFactory and TransformerFactory instances used
    by XMLUnit are now configured to not load any external DTDs or parse
    external entities. They are now configured according to the OWASP
    recommendations for XML eXternal Entity injection
    preventions    . The
    TransformerFactory used by the
    org.xmlunit.transform.Transformation class is still configured to
    load external stylesheets, though.

For the legacy package XXE prevention has to be enabled via
XMLUnit.enableXXEProtection explicitly.

This is a breaking change and you may need to provide
DocmentBuilderFactory or TransformerFactory instances of your
own if you need to load external entities.

The SAXParserFactory and SchemaFactory instances used inside of
the validation package have not been changed as their use is
likely to require loading of external DTDs or schemas.

Issue #91.

  • the configured NodeFilter is now applied before comparing
    DocumentType nodes.

This change breaks backwards compatibility as the old behavior was
to ignore DocumentType when counting the children of the
Document node but not when actually comparing the
DocumentType. Prior to this change if one document had a document
type declaration but the other didn't, a HAS_DOCTYPE_DECLARATION
difference was detected, this will no longer be the case now. If you
want to detect this difference, you need to use a more lenient
NodeFilter than NodeFilters.Default
(i.e. NodeFilters.AcceptAll) but then you will see an additional
CHILD_NODELIST_LENGTH difference.

The legacy package has been adapted and will behave as before even
when using NewDifferenceEngine.

Issue #116.

  • added a new Source implementation
    ElementContentWhitespaceStrippedSource which is similar to
    WhitespaceStrippedSource but only affects text nodes that solely
    consist of whitespace and doesn't affect any other text nodes. Also
    added convenience ignoreElementContentWhitespace methods to
    DiffBuilder and CompareMatcher.
    Issue #119.

The full list of changes for XMLUnit.NET:

  • add a new experimental module xmlunit-placeholders which aims to
    use ${xmlunit.FOO} expressions inside of the control document to
    allow for a DSL-like approach of defining more complex tests.
    This initial seed only supports ${xmlunit.ignore} which can be
    used to make XMLUnit ignore the element containing this text.

  • fixed the message when CompareConstraint or
    ValidationConstraints (both NUnit 2.x and 3.x) as well as
    EvaluateXPathConstraint or HasXPathConstraint (only the NUnit
    3.x versions) pass but the assertion fails because the constraint
    itself was wrapped in a Not constraint.

  • the NUnit 3.x EvaluateXPathConstraint failed to resolve the nested
    constraint, leading to erroneous messages if the assertion failed.
    Issue #25

  • the XmlDocument instances used internally in Convert and
    Transformation now get their XmlResolver property set to null
    by default - which happens to be the default value of .NET 4.5.2 and
    later anyway. This is in accordance with the OWASP recommendations
    for XML eXternal Entity injection
    preventions    .

This may be a breaking change and you may need to provide an
explicit XmlResolver instance of your own if you need to load
external entities.

Issue #27.

  • added a new ISource implementation
    ElementContentWhitespaceStrippedSource which is similar to
    WhitespaceStrippedSource but only affects text nodes that solely
    consist of whitespace and doesn't affect any other text nodes. Also
    added convenience IgnoreElementContentWhitespace methods to
    DiffBuilder and CompareConstraint.
    Issue similar to xmlunit/#119.

  • the configured NodeFilter is now applied before comparing
    XmlDocumentType nodes.

This change breaks backwards compatibility as the old behavior was
to ignore XmlDocumentType when counting the children of the
XmlDocument node but not when actually comparing the
XmlDocumentType. Prior to this change if one document had a document
type declaration but the other didn't, a HAS_DOCTYPE_DECLARATION
difference was detected, this will no longer be the case now. If you
want to detect this difference, you need to use a more lenient
NodeFilter than NodeFilters.Default
(i.e. NodeFilters.AcceptAll) but then you will see an additional
CHILD_NODELIST_LENGTH difference.

Issue #26.

Posted by Stefan Bodewig 2018-04-22

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.