XSL Transformation fails when request contains a DOCTYPE declaration

Document ID : KB000005145
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

When performing an XSL Transformation on a request that contains a DOCTYPE declaration the assertion will fail with the below errors:

 xslt.png

For example, this request would fail: 

doctype_sample.png

 

 

 

 

Cause:

This was done to protect the Gateway against DTD Entity Expansion Attacks. From a technical perspective, the XML parser will not allow DOCTYPE declarations. When the parser encounters a message containing a DOCTYPE, it terminates parsing without expanding the entity or entities. The CA API Gateway then logs and audits a warning that a message was badly formed. This allows administrators to monitor potential intrusion attempts, while keeping the protected services safe. 

Resolution:

The solution is to remove the DOCTYPE declaration from your request.

To resolve the issue with the sample provided earlier it should be changed as follows:

doctype_solved.png