XSL Transformation fails when request contains a DOCTYPE declaration

Document ID : KB000005145
Last Modified Date : 14/02/2018

When performing an XSL Transformation on a request that contains a DOCTYPE declaration, the assertion fails with the errors below:


For example, this request would fail: 







This behavior is by design: it protects the Gateway against DTD entity expansion attacks. From a technical perspective, the XML parser does not allow DOCTYPE declarations. When the parser encounters a message containing a DOCTYPE, it terminates parsing without expanding the entity or entities. The CA API Gateway then logs and audits a warning that a message was badly formed. This allows administrators to monitor potential intrusion attempts while keeping the protected services safe.
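
The parser behaviour described above, sketched with Python's expat bindings as an added example (this is not CA API Gateway code; the function names, the logger name and both sample messages are constructed for illustration):

```python
import logging
import xml.parsers.expat

log = logging.getLogger("xml_guard")  # hypothetical logger name

# Constructed sample messages (not taken from the article).
WITH_DOCTYPE = (b'<?xml version="1.0"?>'
                b'<!DOCTYPE order [<!ENTITY greeting "hello">]>'
                b'<order><note>&greeting;</note></order>')
WITHOUT_DOCTYPE = b'<?xml version="1.0"?><order><note>hello</note></order>'


class DoctypeNotAllowed(Exception):
    """The message carries a DOCTYPE declaration."""


def parse_without_doctype(message):
    """Return the element names in message; refuse any DOCTYPE."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Called when the DOCTYPE is opened. Raising here makes Parse()
        # fail, so no content from this message reaches the caller.
        raise DoctypeNotAllowed("DOCTYPE %r is not allowed" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(message, True)
    return names


def handle_request(message):
    """Parse a request; on rejection, log a warning and return None."""
    try:
        return parse_without_doctype(message)
    except DoctypeNotAllowed as exc:
        log.warning("Badly formed message rejected: %s", exc)
    except xml.parsers.expat.ExpatError as exc:
        log.warning("Badly formed message rejected: %s", exc)
    return None


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(handle_request(WITHOUT_DOCTYPE))
    print(handle_request(WITH_DOCTYPE))
```

The warning emitted on rejection is the signal to alert on: a client that repeatedly sends DOCTYPE-bearing messages is either misconfigured or probing.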


The solution is to remove the DOCTYPE declaration from your request.

To resolve the issue with the sample provided earlier, change it as follows: