xml-dev - Re: [xml-dev] DTDs, W3C Schemas, RELAX NG, Schematron?

Re: [xml-dev] DTDs, W3C Schemas, RELAX NG, Schematron?

[ Lists Home | Date Index | Thread Index ]

To: Tim Bray <tbray@textuality.com>
Subject: Re: [xml-dev] DTDs, W3C Schemas, RELAX NG, Schematron?
From: Rich Salz <rsalz@datapower.com>
Date: Thu, 23 May 2002 12:32:16 -0400
Cc: xml-dev@lists.xml.org
References: <200205231616.MAA11258@mail.reutershealth.com> <3CED16F6.8000504@textuality.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020510

> Not that the problem is with DTDs.  After all these years, it seems that 
> the jury has come back in and the cost-benefit ratio for entities just 
> ain't good.  -Tim

Good.  A big problem with external entities are the security 
implications: if I send you some XML, you have to be careful to make 
sure I don't trick you into opening something you didn't intend.  E.g., 
a networked XSLT script that outputs your password (or other private 
info) file.
	/r$

References:
- Re: [xml-dev] DTDs, W3C Schemas, RELAX NG, Schematron?
  - From: John Cowan <jcowan@reutershealth.com>
- Re: [xml-dev] DTDs, W3C Schemas, RELAX NG, Schematron?
  - From: Tim Bray <tbray@textuality.com>

Prev by Date: RE: [xml-dev] Painful USA Today article (was RE: [xml-dev] ANN: RESTTutorial)
Next by Date: RE: [xml-dev] DTDs, W3C Schemas, RELAX NG, Schematron?
Previous by thread: Re: [xml-dev] DTDs, W3C Schemas, RELAX NG, Schematron?
Next by thread: Re: [xml-dev] DTDs, W3C Schemas, RELAX NG, Schematron?
Index(es):
- Date
- Thread