When performing an XSL Transformation on a request that contains a DOCTYPE declaration the assertion will fail with the below errors:

 

<Please see attached file for image>

For example, this request would fail: 

<Please see attached file for image>

 

 

 

 

This was done to protect the Gateway against DTD Entity Expansion Attacks. From a technical perspective, the XML parser will not allow DOCTYPE declarations. When the parser encounters a message containing a DOCTYPE, it terminates parsing without expanding the entity or entities. The CA API Gateway then logs and audits a warning that a message was badly formed. This allows administrators to monitor potential intrusion attempts, while keeping the protected services safe. 

Release:
Component: APIGTW

The solution is to remove the DOCTYPE declaration from your request.

To resolve the issue with the sample provided earlier it should be changed as follows:

<Please see attached file for image>

src="/servlet/servlet.FileDownload?file=0150c000004AKKQAA4" alt="doctype_solved.png" width="299" height="119">