OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Why validate? What kind of validation?

[ Lists Home | Date Index | Thread Index ]

For people interested the security/robustness aspects of validation, 
here are two relevant articles



Does anyone know of any list of the most likely/damaging
security problems for XML, and what kinds of validation
would be appropriate to minimise risks?

Also, if a schema language were to specify fallback 
values which would be used when a value was not
valid, would that promote robustness/security
and lessen the need for non-XML properties
(in particular the property related to signalling
validity) in a PSVI? 

For example, if a datatyping spec said (in no particular
schema language)
 <element name="x">
    <datatype name="value"  min="1" fallback="#CRAP" />
the schema processing an instance would replace
  <x>00000000000000000....times 800 to cause buffer problems</x>

Rick Jelliffe


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS