Stefan Bodewig's Weblog

Sun, 22. Apr 2018

XMLUnit for Java and XMLUnit.NET 2.6.0 Released

These releases fix a few bugs and introduce smaller new features as well as a completely new experimental module that aims to provide a DSL that controls the diff process inside of the control XML document.

Starting with XMLUnit 2.6.0 all XML parsers are configured according to OWASP recommendations for XML eXternal Entity injection preventions - which means you need to override certain settings if you need to load external entities. This is a change that breaks backwards compatibility - at least in the Java version. If you've been using .NET 4.5.2 or above all configurations have been safe by default anyway.

XXE prevention is not enabled inside of the validation package and XMLUnit for Java's legacy module.

The full list of changes for XMLUnit for Java:

add a new experimental project xmlunit-placeholders which aims to use ${xmlunit.FOO} expressions inside of the control document to allow for a DSL-like approach of defining more complex tests. This initial seed only supports ${xmlunit.ignore} which can be used to make XMLUnit ignore the element containing this text. PR #105 by @zheng-wang.
added withDocumentBuilderFactory methods to HasXPathMatcher and EvaluateXPathMatcher to allow explicit configuration of the DocumentBuilderFactory used. Issue #108
the DocmentBuilderFactory and TransformerFactory instances used by XMLUnit are now configured to not load any external DTDs or parse external entities. They are now configured according to the OWASP recommendations for XML eXternal Entity injection preventions. The TransformerFactory used by the org.xmlunit.transform.Transformation class is still configured to load external stylesheets, though.

For the legacy package XXE prevention has to be enabled via XMLUnit.enableXXEProtection explicitly.

This is a breaking change and you may need to provide DocmentBuilderFactory or TransformerFactory instances of your own if you need to load external entities.

The SAXParserFactory and SchemaFactory instances used inside of the validation package have not been changed as their use is likely to require loading of external DTDs or schemas.

Issue #91.
the configured NodeFilter is now applied before comparing DocumentType nodes.

This change breaks backwards compatibility as the old behavior was to ignore DocumentType when counting the children of the Document node but not when actually comparing the DocumentType. Prior to this change if one document had a document type declaration but the other didn't, a HAS_DOCTYPE_DECLARATION difference was detected, this will no longer be the case now. If you want to detect this difference, you need to use a more lenient NodeFilter than NodeFilters.Default (i.e. NodeFilters.AcceptAll) but then you will see an additional CHILD_NODELIST_LENGTH difference.

The legacy package has been adapted and will behave as before even when using NewDifferenceEngine.

Issue #116.
added a new Source implementation ElementContentWhitespaceStrippedSource which is similar to WhitespaceStrippedSource but only affects text nodes that solely consist of whitespace and doesn't affect any other text nodes. Also added convenience ignoreElementContentWhitespace methods to DiffBuilder and CompareMatcher. Issue #119.

The full list of changes for XMLUnit.NET:

add a new experimental module xmlunit-placeholders which aims to use ${xmlunit.FOO} expressions inside of the control document to allow for a DSL-like approach of defining more complex tests. This initial seed only supports ${xmlunit.ignore} which can be used to make XMLUnit ignore the element containing this text.
fixed the message when CompareConstraint or ValidationConstraints (both NUnit 2.x and 3.x) as well as EvaluateXPathConstraint or HasXPathConstraint (only the NUnit 3.x versions) pass but the assertion fails because the constraint itself was wrapped in a Not constraint.
the NUnit 3.x EvaluateXPathConstraint failed to resolve the nested constraint, leading to erroneous messages if the assertion failed. Issue #25
the XmlDocument instances used internally in Convert and Transformation now get their XmlResolver property set to null by default - which happens to be the default value of .NET 4.5.2 and later anyway. This is in accordance with the OWASP recommendations for XML eXternal Entity injection preventions.

This may be a breaking change and you may need to provide an explicit XmlResolver instance of your own if you need to load external entities.

Issue #27.
added a new ISource implementation ElementContentWhitespaceStrippedSource which is similar to WhitespaceStrippedSource but only affects text nodes that solely consist of whitespace and doesn't affect any other text nodes. Also added convenience IgnoreElementContentWhitespace methods to DiffBuilder and CompareConstraint. Issue similar to xmlunit/#119.
the configured NodeFilter is now applied before comparing XmlDocumentType nodes.

This change breaks backwards compatibility as the old behavior was to ignore XmlDocumentType when counting the children of the XmlDocument node but not when actually comparing the XmlDocumentType. Prior to this change if one document had a document type declaration but the other didn't, a HAS_DOCTYPE_DECLARATION difference was detected, this will no longer be the case now. If you want to detect this difference, you need to use a more lenient NodeFilter than NodeFilters.Default (i.e. NodeFilters.AcceptAll) but then you will see an additional CHILD_NODELIST_LENGTH difference.

Issue #26.

path: /en/oss/XMLUnit | #

Thu, 09. Nov 2017

XMLUnit for Java 2.5.1 Released

this release fixes a bug in CompareMatcher that could throw a NoSuchElementException when combined with other hamcrest matchers.

The full list of changes for XMLUnit for Java

Made Travis build work with OpenJDK6 again. PR #101 by @PascalSchumacher.
CompareMatcher's describeTo method threw an exception if the comparison yielded no differences. Issue #107.

path: /en/oss/XMLUnit | #

Fri, 20. Oct 2017

XMLUnit.NET 2.5.1 Released

this release fixes a serious bug in the difference engine when documents only differ in namespace prefix.

The full list of changes for XMLUnit.NET:

elements that only differed in namespace prefix resulted in a false `ELEMENT_TAG_NAME` difference when compared. Issue #22

path: /en/oss/XMLUnit | #

Sun, 03. Sep 2017

XMLUnit for Java and XMLUnit.NET 2.5.0 Released

This release makes CommentLessSource and friends use XSLT 2.0 under the covers and adds new methods to override the XSLT version being used.

The full list of changes:

CommentLessSource, DiffBuilder#ignoreComments and CompareMatcher#ignoreComments now all use XSLT version 2.0 stylesheets in order to strip comments. New constructors and methods have been added if you need a different version of XSLT (in particular if you need 1.0 which used to be the default up to XMLUnit 2.4.0).

Issue #99.

path: /en/oss/XMLUnit | #

Sun, 23. Jul 2017

XMLUnit for Java and XMLUnit.NET 2.4.0 Released

This release changes DefaultComparisonFormatter in order to simplify creating custom ComparisonFormatters.

The full list of changes:

made DefaultComparisonFormatter more subclass friendly. Issue #93.

path: /en/oss/XMLUnit | #

Previous 5 entriesNext 5 entries