xml-dev - Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a ra

Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a ra

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
From: Ronald Bourret <rpbourret@rpbourret.com>
Date: Mon, 10 Jun 2002 00:44:26 -0700
References: <000a01c20ecc$90ebb980$887ba8c0@mitchum> <200206081044.42559.miles@milessabin.com>

Miles Sabin wrote:
> The more worrying cases are documents which don't have any such intended
> semantics (ie. just dumb data), but get them willy nilly thanks to the
> implicit retrieval semantics of validation.

Worse yet, this isn't limited to validation. A parser is free to read an
external DTD (to get attribute defaults and entity values) even when it
isn't validating. I haven't looked at any of the parsers I've used
closely enough, but it would surprise me if any had a way to turn this
completely off.

-- Ron

Follow-Ups:
- Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
  - From: "Rob Lugt" <roblugt@elcel.com>

References:
- RE: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
  - From: Bill de hÓra <dehora@eircom.net>
- Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
  - From: Miles Sabin <miles@milessabin.com>

Prev by Date: Re: [xml-dev] Formatting XML
Next by Date: How to find out the name of the tag where my xmldocument did not validate
Previous by thread: Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
Next by thread: Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
Index(es):
- Date
- Thread