OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] Malicious XML

[ Lists Home | Date Index | Thread Index ]

>Any chance of some details of just what it is in the internal subset 
>which triggers this behaviour, and how?

You can easily construct a few entities that expand to a huge result.
Depending on how your parser returns things, this may use lots of
memory or merely use up lots of cpu time.  There is an example at

  http://www.cogsci.ed.ac.uk/~richard/billion-laughs.xml

I don't recommend loading this file into a browser.

-- Richard




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS