[
Lists Home |
Date Index |
Thread Index
]
- To: XML Dev <xml-dev@lists.xml.org>
- Subject: The J2ME pseudo-XML botch
- From: Tim Bray <tbray@textuality.com>
- Date: Sat, 22 Feb 2003 09:10:19 -0800
- User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.2.1) Gecko/20021130
Text of a feedback note I just sent to the community-feedback address,
cc Jon Ellis, the Sun guy who posted here:
=============================================
I understand the proposed XML parsing facility in J2ME accepts not XML
but a nonstandard subset which does not allow for the DOCTYPE
declaration. It's OK to define a custom language for your own purposes,
but it's not OK at all to use the term "XML" in describing it; this term
is very precisely defined and is legally protected by the World Wide Web
Consortium; anyone who offers software with XML in the name which is
deliberately non-conformant to the specification is putting themselves
in a very shaky position both legally and technically. I am not
speaking for the W3C but if Java continues in this misguided direction I
will pro-actively start taking measures to protect the integrity of the
term "XML" via the W3C and public advocacy.
On a technical front, and speaking as the author of the first-ever XML
Parser in the Java language (non-validating), which had a bytecode
footprint of less than 50k, I found that the code footprint caused by
parsing the DTD was negligable. Now, external entity processing is
expensive, but there is no requirement to do that. There is no
requirement to fetch/process the external subset. Processing the
internal subset does create an opening to the "billion laughs" DOS
attack, but it would be perfectly reasonable to implement self-defense
against that with a simple limit on the size of the internal entity
stack, which would cost about one line of code.
On the larger front, XML has succeeded quite remarkably in providing
interoperability to a degree not observed in other data interchange
facilities. There are indeed many programmers who read the XML spec or
one of the 30 shelf-feet of books now on sale explaining it, and bash
out software, and use MSIE or expat or something to sanity-check it, and
send it out into the world. If J2ME advertises a nonstandard subset as
"XML", this is a recipe for an interoperability disaster.
Tim Bray
- co-editor, XML 1.0
- co-editor, Namespaces in XML
- member, W3C Technical Advisory Group
|