Lists Home |
Date Index |
Simon St.Laurent wrote,
> email@example.com (Rich Salz) writes:
> > No, a namespace URI is an identifier, and therefore need not be
> > followed. The document (which is excellent) is talking about, you
> > know, external ENTITY things.
> So is RDDL now a security risk?
Potentially ... yes.
How many times have we discussed the external entity thing on this list
now? Any of the issues with them apply equally here.
And in fact David Megginson warned about the dangers of automagically
dereferencing namespace URIs long before RDDL came along,