xml-dev - Re: [xml-dev] XInclude: security risk 1

Re: [xml-dev] XInclude: security risk 1

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Re: [xml-dev] XInclude: security risk 1
From: Richard Tobin <richard@cogsci.ed.ac.uk>
Date: Mon, 28 Oct 2002 19:28:36 GMT
Cc:
In-reply-to: <p04330107b9e329aa7fe2@[192.168.254.4]>
Organization: HCRC, University of Edinburgh

>It is somewhat (though far 
>from completely) mitigated by the fact that the document() function 
>can only point to well-formed XML documents so it can't steal 
>absolutely any file or URL.

You could combine it with an entity reference: use document() to refer
to an external document that has a file: entity reference.  Then any
plain text without less-thans or ampersands will be well-formed.

I'm sure that current browsers must already prevent this, probably by
disallowing file: references from non-trusted documents.

-- Richard

References:
- Re: [xml-dev] XInclude: security risk 1
  - From: Elliotte Rusty Harold <elharo@metalab.unc.edu>

Prev by Date: RE: [xml-dev] Namespaces - a couple nits and questions
Next by Date: Re: [xml-dev] Note from the Troll
Previous by thread: Re: [xml-dev] XInclude: security risk 1
Next by thread: Re: [xml-dev] XInclude: security risk 1
Index(es):
- Date
- Thread