application/xquery
Media TypeThis Appendix specifies the media type for XQuery Version 1.0. XQuery is a language for querying over collections of data from XML data sources, as specified in the main body of this document. This media type is being submitted to the IESG (Internet Engineering Steering Group) for review, approval, and registration with IANA (Internet Assigned Numbers Authority.)
This document, found at
http://www.w3.org/TR/xquery/,
together with its normative references, defines the language XQuery Version 1.0. This Appendix
provides information about the application/xquery
media type,
which is intended to be used for transmitting queries written in the
XQuery language.
This document was prepared by members of the W3C XML Query Working Group. Please send comments to public-qt-comments@w3.org, a public mailing list with archives at http://lists.w3.org/Archives/Public/public-qt-comments.
application/xquery
MIME media type name: application
MIME subtype name: xquery
Required parameters: none
Optional parameters: none
The syntax of XQuery is expressed in Unicode but may be written
with any Unicode-compatible character encoding, including UTF-8 or
UTF-16, or transported as US-ASCII or ISO-8859-1 with Unicode
characters outside the range of the given encoding represented using
an XML-style ෝ
syntax.
The public XQuery Web page lists more than two dozen implementations of the XQuery language, both proprietary and open source.
This media type is registered to allow for deployment of XQuery on the World Wide Web.
The most common file extensions in use for XQuery are
.xq
and .xquery
.
The appropriate Macintosh file type code is TEXT
.
For use with transports that are not 8-bit clean, quoted-printable encoding is recommended since the XQuery syntax itself uses the US-ASCII-compatible subset of Unicode.
An XQuery document may contain an encoding declaration as part of its version declaration:
xquery version "3.1" encoding "utf-8";
An XQuery file may have the string xquery version "V.V"
near the
beginning of the document, where "V.V"
is a version number.
Currently the version number, if present, must be "1.0"
, "3.0"
, or "3.1"
.
XQuery documents use the Unicode character set and, by default, the UTF-8 encoding.
Queries written in XQuery may cause arbitrary URIs or IRIs to be
dereferenced. Therefore, the security issues of [RFC3987] Section 8 should be considered.
In addition, the contents of resources identified by file:
URIs can in some cases be
accessed, processed and returned as results. XQuery expressions can invoke any of the functions defined in
[XQuery and XPath Functions and Operators 4.0]. For example, the
fn:doc()
and fn:doc-available()
functions allow local filesystem probes as well as
access to any URI-defined resource accessible from the system
evaluating the XQuery expression.
The fn:transform()
function allows calls to URI-identified
XSLT transformations which may in turn call external extension functions
and access or write to the file system. The fn:transform()
function
should be sandboxed or disabled if untrusted queries are run.
XQuery is a full declarative programming language, and supports user-defined functions, external function libraries (modules) referenced by URI, and system-specific "native" functions.
Arbitrary recursion is possible, as is arbitrarily large memory usage, and implementations may place limits on CPU and memory usage, as well as restricting access to system-defined functions.
The optional XQuery Update Facility allows XQuery expressions to create and update persistent data, potentially including writing to arbitrary locations on the local filesystem as well as to remote URIs. Untrusted queries should not be given write access to data.
Furthermore, because the XQuery language permits extensions,
it is possible that application/xquery
may describe content that has
security implications beyond those described here.