OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a ra

[ Lists Home | Date Index | Thread Index ]

Miles Sabin wrote:
> The more worrying cases are documents which don't have any such intended
> semantics (ie. just dumb data), but get them willy nilly thanks to the
> implicit retrieval semantics of validation.

Worse yet, this isn't limited to validation. A parser is free to read an
external DTD (to get attribute defaults and entity values) even when it
isn't validating. I haven't looked at any of the parsers I've used
closely enough, but it would surprise me if any had a way to turn this
completely off.

-- Ron


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS