Updated: 2022/Sep/29

Please read Privacy Policy. It's for your privacy.

XMLWF(1)                                                              XMLWF(1)

       xmlwf - Determines if an XML document is well-formed


       xmlwf uses the Expat library to determine if an XML document is well-
       formed. It is non-validating.

       If you do not specify any files on the command-line, and you have a
       recent version of xmlwf, the input file will be read from standard

       A well-formed document must adhere to the following rules:

       ⊕ The file begins with an XML declaration. For instance, <?xml
         version="1.0" standalone="yes"?>.  NOTE: xmlwf does not currently
         check for a valid XML declaration.

       ⊕ Every start tag is either empty (<tag/>) or has a corresponding end

       ⊕ There is exactly one root element. This element must contain all
         other elements in the document. Only comments, white space, and
         processing instructions may come after the close of the root element.

       ⊕ All elements nest properly.

       ⊕ All attribute values are enclosed in quotes (either single or

       If the document has a DTD, and it strictly complies with that DTD, then
       the document is also considered valid.  xmlwf is a non-validating
       parser -- it does not check the DTD. However, it does support external
       entities (see the -x option).

       When an option includes an argument, you may specify the argument
       either separately ("-d output") or concatenated with the option
       ("-doutput"). xmlwf supports both.

       -a factor
              Sets the maximum tolerated amplification factor for protection
              against billion laughs attacks (default: 100.0).  The
              amplification factor is calculated as ..

                          amplification := (direct + indirect) / direct

              .. while parsing, whereas <direct> is the number of bytes read
              from the primary document in parsing and <indirect> is the
              number of bytes added by expanding entities and reading of
              external DTD files, combined.

              NOTE: If you ever need to increase this value for non-attack
              payload, please file a bug report.

       -b bytes
              Sets the number of output bytes (including amplification) needed
              to activate protection against billion laughs attacks (default:
              8 MiB).  This can be thought of as an "activation threshold".

              NOTE: If you ever need to increase this value for non-attack
              payload, please file a bug report.

       -c     If the input file is well-formed and xmlwf doesn't encounter any
              errors, the input file is simply copied to the output directory
              unchanged.  This implies no namespaces (turns off -n) and
              requires -d to specify an output directory.

       -d output-dir
              Specifies a directory to contain transformed representations of
              the input files.  By default, -d outputs a canonical
              representation (described below).  You can select different
              output formats using -c, -m and -N.

              The output filenames will be exactly the same as the input
              filenames or "STDIN" if the input is coming from standard input.
              Therefore, you must be careful that the output file does not go
              into the same directory as the input file. Otherwise, xmlwf will
              delete the input file before it generates the output file (just
              like running cat < file > file in most shells).

              Two structurally equivalent XML documents have a byte-for-byte
              identical canonical XML representation.  Note that ignorable
              white space is considered significant and is treated
              equivalently to data.  More on canonical XML can be found at
              http://www.jclark.com/xml/canonxml.html .

       -e encoding
              Specifies the character encoding for the document, overriding
              any document encoding declaration. xmlwf supports four built-in
              encodings: US-ASCII, UTF-8, UTF-16, and ISO-8859-1.  Also see
              the -w option.

       -k     When processing multiple files, xmlwf by default halts after the
              the first file with an error.  This tells xmlwf to report the
              error but to keep processing.  This can be useful, for example,
              when testing a filter that converts many files to XML and you
              want to quickly find out which conversions failed.

       -m     Outputs some strange sort of XML file that completely describes
              the input file, including character positions.  Requires -d to
              specify an output file.

       -n     Turns on namespace processing. (describe namespaces) -c disables

       -N     Adds a doctype and notation declarations to canonical XML
              output.  This matches the example output used by the formal XML
              test cases.  Requires -d to specify an output file.

       -p     Tells xmlwf to process external DTDs and parameter entities.

              Normally xmlwf never parses parameter entities. -p tells it to
              always parse them.  -p implies -x.

       -r     Normally xmlwf memory-maps the XML file before parsing; this can
              result in faster parsing on many platforms.  -r turns off
              memory-mapping and uses normal file IO calls instead.  Of
              course, memory-mapping is automatically turned off when reading
              from standard input.

              Use of memory-mapping can cause some platforms to report
              substantially higher memory usage for xmlwf, but this appears to
              be a matter of the operating system reporting memory in a
              strange way; there is not a leak in xmlwf.

       -s     Prints an error if the document is not standalone.  A document
              is standalone if it has no external subset and no references to
              parameter entities.

       -t     Turns on timings. This tells Expat to parse the entire file, but
              not perform any processing.  This gives a fairly accurate idea
              of the raw speed of Expat itself without client overhead.  -t
              turns off most of the output options (-d, -m, -c, ...).

       -v     Prints the version of the Expat library being used, including
              some information on the compile-time configuration of the
              library, and then exits.

       -w     Enables support for Windows code pages.  Normally, xmlwf will
              throw an error if it runs across an encoding that it is not
              equipped to handle itself. With -w, xmlwf will try to use a
              Windows code page. See also -e.

       -x     Turns on parsing external entities.

              Non-validating parsers are not required to resolve external
              entities, or even expand entities at all.  Expat always expands
              internal entities (?), but external entity parsing must be
              enabled explicitly.

              External entities are simply entities that obtain their data
              from outside the XML file currently being parsed.

              This is an example of an internal entity:

              <!ENTITY vers '1.0.2'>

              And here are some examples of external entities:

              <!ENTITY header SYSTEM "header-&vers;.xml">  (parsed)
              <!ENTITY logo SYSTEM "logo.png" PNG>         (unparsed)

       --     (Two hyphens.)  Terminates the list of options. This is only
              needed if a filename starts with a hyphen. For example:

              xmlwf -- -myfile.xml

              will run xmlwf on the file -myfile.xml.

       Older versions of xmlwf do not support reading from standard input.

       xmlwf outputs nothing for files which are problem-free.  If any input
       file is not well-formed, or if the output for any input file cannot be
       opened, xmlwf prints a single line describing the problem to standard

       If the -k option is not provided, xmlwf halts upon encountering a well-
       formedness or output-file error.  If -k is provided, xmlwf continues
       processing the remaining input files, describing problems found with
       any of them.

       For option -v or -h, xmlwf always exits with status code 0. For other
       cases, the following exit status codes are returned:

       0      The input files are well-formed and the output (if requested)
              was written successfully.

       1      An internal error occurred.

       2      One or more input files were not well-formed or could not be

       3      If using the -d option, an error occurred opening an output

       4      There was a command-line argument error in how xmlwf was

       The errors should go to standard error, not standard output.

       There should be a way to get -d to send its output to standard output
       rather than forcing the user to send it to a file.

       I have no idea why anyone would want to use the -d, -c, and -m options.
       If someone could explain it to me, I'd like to add this information to
       this manpage.


       The Expat home page:                            https://libexpat.github.io/
       The W3 XML 1.0 specification (fourth edition):  https://www.w3.org/TR/2006/REC-xml-20060816/
       Billion laughs attack:                          https://en.wikipedia.org/wiki/Billion_laughs_attack

       This manual page was originally written by Scott Bronson
       <bronson@rinspin.com> in December 2001 for the Debian GNU/Linux system
       (but may be used by others). Permission is granted to copy, distribute
       and/or modify this document under the terms of the GNU Free
       Documentation License, Version 1.1.

                               February 20, 2022                      XMLWF(1)