OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a r

[ Lists Home | Date Index | Thread Index ]

> > But then we have a slightly different problem. Developers 
> who try to 
> > do the right thing will be hit by interoperability issues. 
> Either that 
> > or they have to specify a particular (set of) SAX implementation(s) 
> > which somewhat undermines SAX as a common API.
> >
> > On reflection, I think that SAX should be tweaked to at 
> least require 
> > support for this feature, and maybe mandate that the 
> default be to not 
> > retrieve external entities.

A better solution is to nominate an EntityResolver. This will be called
to check all references to external URIs. If you don't want the parser
to fetch HTTP URIs, your EntityResolver can prevent it. All SAX parsers,
I think, have to support this interface.

Michael Kay
Software AG
home: Michael.H.Kay@ntlworld.com
work: Michael.Kay@softwareag.com 


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS