Lists Home |
Date Index |
Need not and can be are different things.
Yep... know all about entities. I also know
that "identifier" is a resolvable URL and
that documentation placed for convenience
as a best practice leads one to resolve it.
So the issue is for the protocol designer
to explicitly say ... what?
From: Rich Salz [mailto:email@example.com]
> Hmm. So namespacesCumURLs are a security problem?
No, a namespace URI is an identifier, and therefore need not be
followed. The document (which is excellent) is talking about, you know,
external ENTITY things.
I believe this security issue is one reason why SOAP disallows DTD's.