尝试在错误的ANDROID资源中使用<!ENTITY:“已引用该实体,但未声明该实体." [英] Trying to use <!ENTITY in ANDROID resources with error: "The entity was referenced, but not declared."
问题描述
我正在按照以下解决方案在字符串资源文件中使用enetities:
I'm following this solution to use enetities in my string resource file:
可以吗?在Android资源XML文件中直接进行字符串替换?
我正在资源树中使用外部文件:/res/raw/entities.dtd,其内容:
I'm using an external file in the resource tree: /res/raw/entities.dtd, its content:
<!ENTITY ent_devicename "MyDeviceName">
在string.xml资源文件中:
<!DOCTYPE resources [
<!ENTITY % ent_devicename SYSTEM "../raw/entities.dtd">
%ent_devicename;
]>
<resources>
<string name="name">The name is &ent_devicename;</string>
</resources>
但我收到此错误:
已引用实体"ent_devicename",但未声明.
The entity "ent_devicename" was referenced, but not declared.
如您所见,Android Studio可以识别外部实体文件:
As you can see Android Studio recognizes the external entity file:
和实体:
有人可以提供完整的正确示例来使事情正常吗? 我的意思是一个完全可编译的Android Studio项目,其中实体声明位于单独的文件中.
Can someone provide full a correct example to make things work? I mean a full compilable Android Studio project, with entities declarations in a separated file.
更新 好的,如果您对此w3schools链接进行更多关注:
UPDATE Ok, if you pay more attention to this w3schools link:
> https://www.w3schools.com/xml/xml_dtd_entities.asp
您看到了解决方案:
外部entities.dtd文件包含
<!ENTITY ent_devicename "MyDeviceName">
然后输入新的字符串资源:
then the new string resource resource:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE resources [
<!ENTITY ent_devicename SYSTEM "../raw/entities.dtd">
]>
<resources xmlns:tools="http://schemas.android.com/tools" tools:ignore="Typos">
<string name="ent_devicenamxxe2">&ent_devicename;</string>
我将<!ENTITY % ent_devicename更改为<!ENTITY ent_devicename(不再有%)
我删除了%ent_devicename;
I changed <!ENTITY % ent_devicename to <!ENTITY ent_devicename (no more %)
I deleted %ent_devicename;
现在可以编译,但是生成的APK似乎忽略了实体值(使用空字符串).所以问题没有解决!
Now it compiles but the resulting APK seems to ignore the entity values (uses an empty string). So the problem is not resolved!
让我知道!
推荐答案
TL; DR该功能已从Android Studio中删除..请参见错误报告 Android Studio一次支持XML外部实体.在我看来,Android Studio当前应该支持外部实体,因为编辑器不会抱怨XML的底层处理实际上并没有按预期进行包含,从而给出了被引用但未声明"的错误.
It looks like XML External Entities were supported at one time on Android Studio. It also looks to me like Android Studio currently should be supporting external entities since the editor doesn't complain The underlying processing of the XML doesn't actually do the inclusion as expected giving the "referenced but not declared" error.
尽管我还没有找到关于Android Studio放弃外部实体的明确引用,但由于发现了一个漏洞,所以这是有道理的.请参见易受XXE数据泄露影响的Android开发人员攻击和安全记录.
Although I have not found an explicit reference to Android Studio abandoning external entities, it would make sense due to a vulnerability that was uncovered. See Android Developers Susceptible to Data Exposure from XXE Attack and the security write-up.
现在也有可能以某种方式限制对外部实体的访问,但是我认为,在这种情况下,Android Studio会更有帮助.由于该漏洞,很有可能只是删除了该功能.
It is also possible that access to external entities are now gated somehow, but I think that Android Studio would be more helpful if that is the case. It is more likely that the functionality was just removed due to the vulnerability.
顺便说一句,我尝试了其他答案,但我没有运气-只是相同的错误.
By the way, I have experimented with the other answers and I have had no luck - just the same error.
我刚刚遇到了媒体帖子,其中讨论了解决XXE漏洞的JetBrains.
I just came across a Medium post that discusses JetBrains addressing the XXE vulnerability.
第二次修改
我发现了参考关于错误跟踪器的禁用.
I found a reference for the disablement on the bug tracker.
这可能是出于安全原因而被禁用,它需要在解析之前进行完整分析,达到3.2级.
this may have been disabled for security reason, it requires complete analysis before resolution, punting to 3.2
和
确实出于更改原因(为了防止XXE攻击)在Change-Id:I2f1978bc5458ba2b2b2d2ff6cbd9df5710c487a4e4中将其禁用.
This was indeed disabled for security reasons (preventing XXE attacks) in Change-Id: I2f1978bc5458ba2b2b2d6ffbc9df5710c487a4e4.
它的状态是不会修复预期的行为".如果将Studio更改为发出一条错误消息,表明该设备出于安全原因而被禁用,那就太好了.
It's status is "won't fix-intended behavior." It would have been nice if Studio had been changed to emit an error message that the facility was disabled for security reasons.
这篇关于尝试在错误的ANDROID资源中使用<!ENTITY:“已引用该实体,但未声明该实体."的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
