xml-dev - Re: [xml-dev] Malicious XML

Re: [xml-dev] Malicious XML

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Re: [xml-dev] Malicious XML
From: Gustaf Liljegren <gustaf.liljegren@xml.se>
Date: Fri, 15 Nov 2002 11:54:28 +0100
In-reply-to: <001f01c28c22$fcd8f990$9e539696@citkwaclaww2k>

Karl Waclawek wrote:

>are there any well-known ways to protect against
>malicious XML, e.g. XML that causes your parser
>to eat up all memory?

I can't find a way to produce malicious XML without having extremely large
files, since recursive entity references are not allowed. Here's one
example of a recursive entity reference:

<?xml version="1.0"?>
<!DOCTYPE a [
<!ENTITY a "<element>&b;</element>">
<!ENTITY b "&a;">
]>
<element>&a;</element>

Interestingly enough, this caused MSIE 6 to crash, but I'd say that's
because of the malicious parser. Mozilla 1 does the right thing:

XML Parsing Error: recursive entity reference
Location: file:///E:/test/circle.xml
Line Number 6, Column 10:

<element>&a;</element>
---------^

Has anyone else succeeded to produce a small, malicious and well-formed XML
document?

Gustaf

References:
- Malicious XML
  - From: "Karl Waclawek" <karl@waclawek.net>

Prev by Date: Re: [xml-dev] Malicious XML
Next by Date: Re: [xml-dev] Alternatives to DOM for writing XML
Previous by thread: Re: [xml-dev] Malicious XML
Next by thread: RDF and the new releases
Index(es):
- Date
- Thread