Karl Waclawek wrote:
>are there any well-known ways to protect against
>malicious XML, e.g. XML that causes your parser
>to eat up all memory?
I can't find a way to produce malicious XML without having extremely large
files, since recursive entity references are not allowed. Here's one
example of a recursive entity reference:
<?xml version="1.0"?>
<!DOCTYPE a [
<!ENTITY a "<element>&b;</element>">
<!ENTITY b "&a;">
]>
<element>&a;</element>
Interestingly enough, this caused MSIE 6 to crash, but I'd say that's
because of the malicious parser. Mozilla 1 does the right thing:
XML Parsing Error: recursive entity reference
Location: file:///E:/test/circle.xml
Line Number 6, Column 10:
<element>&a;</element>
---------^
Has anyone else succeeded in producing a small, malicious and well-formed XML
document?
Gustaf
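Added example (editor's code, not part of Gustaf's or Karl's posts): one way to protect a parser against the memory-exhaustion case Karl asks about is to count what the parser produces rather than what it reads, and abort once expanded text exceeds a budget. The script below does that on top of Python's xml.parsers.expat (an assumption; the post names no parser). It feeds the recursive document from the post, which expat rejects with the same "recursive entity reference" error Mozilla reports, and a second, constructed document that is small, well-formed and not recursive, but whose nested entity references expand to 300,000 bytes of character data; the budget check is what stops that one. The budget numbers, the handler names and the second document are all constructed for this example.

```python
"""Added example: an entity-expansion budget enforced on top of expat.

Assumptions (not from the original post): Python 3's xml.parsers.expat;
the budget values and the nested-entity document are constructed here.
"""
import xml.parsers.expat as expat

# The recursive document from the post: expat (as in Mozilla) rejects it.
RECURSIVE_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE a [
<!ENTITY a "<element>&b;</element>">
<!ENTITY b "&a;">
]>
<element>&a;</element>
"""

# Constructed: about 360 bytes, well-formed, no recursion, but &l5;
# expands to 10^5 copies of "lol", i.e. 300,000 bytes of character data.
NESTED_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE bomb [
<!ENTITY l0 "lol">
<!ENTITY l1 "&l0;&l0;&l0;&l0;&l0;&l0;&l0;&l0;&l0;&l0;">
<!ENTITY l2 "&l1;&l1;&l1;&l1;&l1;&l1;&l1;&l1;&l1;&l1;">
<!ENTITY l3 "&l2;&l2;&l2;&l2;&l2;&l2;&l2;&l2;&l2;&l2;">
<!ENTITY l4 "&l3;&l3;&l3;&l3;&l3;&l3;&l3;&l3;&l3;&l3;">
<!ENTITY l5 "&l4;&l4;&l4;&l4;&l4;&l4;&l4;&l4;&l4;&l4;">
]>
<bomb>&l5;</bomb>
"""

# Constructed control input with no entities at all.
BENIGN_DOC = b"<doc>hello</doc>"


class ExpansionBudgetExceeded(Exception):
    """Raised from inside a handler to abort the parse early."""


def parse_with_budget(doc, max_expanded_bytes=1 << 16, max_amplification=10):
    """Parse `doc` with expat while counting what the parser produces.

    Aborts as soon as delivered character data exceeds either an absolute
    cap or `max_amplification` times the input size, so a small document
    cannot make the caller hold an unbounded amount of expanded text.
    Returns a summary dict with a "status" of ok, recursive, malformed
    or budget plus the counts reached when parsing stopped.
    """
    produced = {"chars": 0, "elements": 0}
    limit = min(max_expanded_bytes, max_amplification * len(doc))

    def check():
        if produced["chars"] > limit:
            raise ExpansionBudgetExceeded(
                "expanded text exceeded %d bytes (input was %d bytes)"
                % (limit, len(doc)))

    def on_start(name, attrs):
        produced["elements"] += 1

    def on_chars(data):
        # Each entity expansion arrives here as character data, so this
        # counter grows with the expanded size, not the file size.
        produced["chars"] += len(data)
        check()

    parser = expat.ParserCreate()
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars
    try:
        parser.Parse(doc, True)
    except expat.ExpatError as err:
        recursive = expat.errors.codes[expat.errors.XML_ERROR_RECURSIVE_ENTITY_REF]
        status = "recursive" if err.code == recursive else "malformed"
        return {"status": status, "error": str(err), **produced}
    except ExpansionBudgetExceeded as err:
        return {"status": "budget", "error": str(err), **produced}
    return {"status": "ok", "error": None, **produced}


if __name__ == "__main__":
    for name, doc in (("recursive", RECURSIVE_DOC),
                      ("nested", NESTED_DOC),
                      ("benign", BENIGN_DOC)):
        print(name, parse_with_budget(doc))
```

Note that the recursion check and the budget check catch different things: expat refuses the recursive document on its own, while the nested document is perfectly legal XML and only the output budget stops it. Recent expat releases also carry a built-in amplification limit, but by default it only activates once output passes 8 MiB, so an application-level budget like this one is still worth having for services that parse untrusted XML.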