Effective XML Elliotte Rusty Harold
Part 0: Should We Use XML?
The XML Backlash “With proper mark-up/logic separation, a POJO data model, and a refreshing lack of XML, Apache Wicket makes developing web-apps simple and enjoyable again. Swap the boilerplate, complex debugging and brittle code for powerful, reusable components written with plain Java and HTML.” -- Apache Wicket
Choose XML ● For data that must be exchanged ● Or extended ● Or stored
Don’t Choose XML for ● Purely local, transient data (e.g. internal method arguments ● RPC is an edge case
Why Use XML ● Well-defined, well understood ● Secure ● Extensible ● Fast ● Easy ● Robust ● Internationalizable ● Platform independent ● Language independent ● Not executable ● Standard parsers easily available
Avoid ● JSON ● YAML ● Java Properties ● Custom syntax ● Etc.
Why? 2 usually orthogonal reasons ● Mixing Data with Code is Bad – Unportable data – Opens big security holes – This is why you want to use XML instead of Ruby, Python, PHP, etc. ● Weak Parsers – Bugs and security holes – Not internationalizable – This is why you don’t want to use YAML, custom file formats parsed by regular expressions, etc.
Limited Use Cases ● Works for: – Lists – Maps – Sets – Simple config files ● Not so well for: – Trees – Networks – Narrative data – Annotated data
Choose the right tools: ● XPath, XSLT, XQuery ● E4X, XOM, JDOM ● RELAX NG ● Avoid – Regular expressions – DOM – W3C XSD Schemas
Part I: Syntax
Stay with XML 1.0 XML 1.1: New name characters C0 control characters C1 control characters NEL Undeclare namespace prefixes Incompatible with Most XML parsers W3C and RELAX NG schema languages XOM, JDOM Many browsers
Part II: Structure
The XML Stack
Allow All XML syntax CDATA sections Entity references Processing instructions Comments Numeric character references Document type declarations Different ways of representing the same core content; not different information
Distinguish text from markup A DocBook element ]]> The content is: This is the same: <value> <double>28657</double> </value>
The reverse problem Tools that create XML from strings: Tree-based editors like or XML Spy WYSIWYG applications like OpenOffice Writer Programming APIs such as DOM, JDOM, and XOM The tool automatically escapes reserved characters like, or &. Just because something looks like an XML tag does not mean it is an XML tag.
White space matters Parsers report all white space in element content, including boundary white space An xml:space attribute is for the client application only, not the parser White space in attribute values is normalized Parsers do not report white space in the prolog, epilog, the document type declaration, and tags.
Make structure explicit through markup Bad Withdrawal Better
Store metadata in attributes Material the reader doesn’t want to see URLs IDs Styles Revision dates Author’s name No substructure Revision tracking Citations Single item only
Remember mixed content Narrative documents Record-like documents The RSS problem Xerlin 1.3 released Xerlin 1.3, an open source XML Editor written in Java, has been released. Users can extend the application via custom editor interfaces for specific DTDs. New features in version 1.3 include XML Schema support, WebDAV capabilities, and various user interface enhancements. Java 1.2 or later is required.
What you really want is this: Xerlin 1.3,an open source XML Editor written in Java, has been released. Users can extend the application via custom editor interfaces for specific DTDs. New features in version 1.3 include: XML Schema support WebDAV capabilities Various user interface enhancements Java 1.2 or later is required.
What people do is this: <p><a href=" 1.3</strong></a>, an open source XML Editor written in Java, has been released. Users can extend the application via custom editor interfaces for specific DTDs. New features in version 1.3 include:</p> <ul> <li>XML Schema support</li> <li>WebDAV capabilities</li> <li>Various user interface enhancements</li> </ul> <p>Java 1.2 or later is required.</p>
Prefer URLs to unparsed entities and notations URLs are simple and well understood Notations and unparsed entities are confusing and little used URLs don’t require the DTD to be read Many APIs don’t even support notations and unparsed entities
Part III: Semantics
Use processing instructions for process-specific content For a very particular, even local, process Describes how a particular process acts on the data in the document Does not describe or add to the content itself A unit that can be treated in isolation Content is not XML-like. Applies to the entire document
Processing instructions are not appropriate when: Content is closely related to the content of the document itself Structure extends beyond a single processing instruction Needs to be validated
Include all information in instance documents Not all parsers read the DTD Especially browsers Beware Default attribute values Parsed entity references XInclude ID type dependence (XPath, DOM, etc.)
Encode binary data using quoted printable and/or Base64 Quoted printable works well for mostly text Base-64 for non-text data Can you link to the data with a URL instead? Can you bundle the data with XML using zip, jar, XOP, or MIME?
Use namespaces for modularity and extensibility Simple cases can use one default namespace http URIs are normally preferred DTD validation is tricky Code to namespace URIs, not prefixes Avoid namespace prefixes in element content and attribute values
Reuse XHTML for generic narrative content %xhtml1;
Choose the right schema language for the job DTDs The W3C XML Schema Language RELAX NG Schematron
Use only what you need You need Well-formed XML 1.0 A parser You probably need: Namespaces You may not need: DTDs Schemas XInclude SOAP WS-Kitchen-Sink etc.
Always use a parser Can’t use regular expressions: Detecting encoding Comments and processing instructions that contain tags CDATA sections Unexpected placement of spaces and line breaks within tags Default attribute values Character and entity references Malformed documents Internal DTD Subset Why not? Unfamiliarity with parsers Too slow
Layer Functionality
Program to standard APIs Easier to deploy in Java 1.4/1.5 Different implementations have different performance characteristics SAX is fast DOM interoperates
Program to non-standard APIs for ease of development ● JDOM, XOM ● E4X
Read the complete DTD Be conservative in what you generate; liberal in what you accept Important content from DTD: Default attribute values Namespace declarations Entity references ID types
Navigate with XPath More robust against unexpected structure Allow optimization by engine Easier to code; enhanced programmer productivity Might be slower
Validate inside your program with schemas
Part IV: Implementation
Write documents in Unicode Prefer UTF-8 Smaller in English ASCII compatible Normalization É, ü, ì and so forth NFC ICU
Avoid Vendor Lockin; Beware Opaque, binary data used in place of marked up text. Over-abbreviated, inobvious names like F17354 and grgyt APIs that hide the XML Products that focus on the "Infoset” Alternate serializations of XML Patented formats
Hang on to your relational database For tabular data But consider native XML databases going forward
Document Namespaces with RDDL <!DOCTYPE html PUBLIC "-//XML-DEV//DTD XHTML RDDL 1.0//EN" " <html xmlns=" xmlns:xlink=" xmlns:rddl=" MegaBank Statement Markup Language (MBSML) This is the XML namespace for the <a href=" Statement Markup Language. <rddl:resource xlink:type="simple" xlink:href=" xlink:role=" xlink:arcrole =" > The MegaBank Statement Markup Language Specification 1.0
Pick the correct MIME type application/xml Not text/xml! Don't use charset application/mathml+xml image/svg+xml application/xslt+xml
TagSoup Your HTML
Catalog common resources <catalog xmlns= "urn:oasis:names:tc:entity:xmlns:xml:catalog" > <public publicId= "-//OASIS//DTD DocBook XML V4.2//EN" uri= "file:///opt/xml/docbook/docbookx.dtd"/>
Compress if space is a problem //output OutputStream fout = new FileOutputStream("data.xml.gz"); OutputStream out = new GZipOutputStream(fout); OutputFormat format = new OutputFormat(document); XMLSerializer output = new XMLSerializer(out, format); output.serialize(doc); // input InputStream fin = new FileInputStream("data.xml.gz"); InputStream in = new GZipInputStream(fin); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilder parser = factory.newDocumentBuilder(); Document doc = parser.parse(in); // work with the document...
To Learn More Effective XML: 50 Specific Ways to Improve Your XML Documents Elliotte Rusty Harold Addison-Wesley, 2003 ISBN $ effectivexml