[
Lists Home |
Date Index |
Thread Index
]
"XML mechanisms that follow external references (External References) may also expose an implementation to various threats by causing the implementation to access external resources automatically. It is important to disallow arbitrary access to such external references within XML data from untrusted sources. Many XML grammars define constructs using URIs for external references; in such cases, the same precautions must be taken. "
Hmm. So namespacesCumURLs are a security problem?
len
From: Tim Bray [mailto:tbray@textuality.com]
This thing has been under development for months and I think it is an
*excellent* piece of work - I would probably echo pretty well every word
and just not in the IETF context. The canonical version is at
http://www.imc.org/ietf-xml-use/xml-guidelines-07.txt, but there's also
a nice human-readable HTML version at
http://www.imc.org/ietf-xml-use/xml-guidelines-07.html
|