Lists Home |
Date Index |
firstname.lastname@example.org (Miles Sabin) writes:
>> So is RDDL now a security risk?
>Potentially ... yes.
>How many times have we discussed the external entity thing on this list
>now? Any of the issues with them apply equally here.
Given that RDDL itself contains further links to resources, this
probably needs some kind of direct addressing; "security" doesn't appear
in the current spec.
>And in fact David Megginson warned about the dangers of automagically
>dereferencing namespace URIs long before RDDL came along,
David's been way ahead of most on these issues.
Ring around the content, a pocket full of brackets
Errors, errors, all fall down!
http://simonstl.com -- http://monasticxml.org