K. Ari Krupnikov writes:
> Would you report it as a (perhaps recoverable) error? Breaking
> character data into multiple events would defy the purpose of this
> filter (to relieve content handlers from the need to do that
> themselves) and do nothing to solve the security issue.
Here's an easy attack -- send you a start tag, then just keep sending
random alphanumeric characters until your system chokes. An arbitrary
limit -- even a very high one, like a few gigabytes -- would be useful.
> > On the other hand, high fixed limits, like (say) 16K characters for
> > element and attribute names, might help us avoid some problems in
> > the future.
>
> This sounds like a reasonable proposition to me. But would you also
> impose a limit on character data? Entities? In the gigabytes
> perhaps?
No, I don't think that would be necessary. It all depends on the
APIs, of course, but I've never seen one that splits a name into
multiple chunks before passing it on to the application, hence the
worry.
All the best,
David
--
David Megginson, david@megginson.com, http://www.megginson.com/
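The two caps discussed in this exchange, a fixed limit on element and attribute name length (16K in the message above) and an optional limit on how much character data a coalescing filter will buffer, can be put into one SAX filter. The following is an added example written for this archive page, not code from the list thread or from any SAX implementation; it uses Python's `xml.sax` filter base class rather than the Java API the thread is about, and the default cap values, the `LimitExceeded` exception, and the constructed sample documents are all assumptions made here.

```python
import io
import xml.sax
from xml.sax import handler
from xml.sax.saxutils import XMLFilterBase


class LimitExceeded(xml.sax.SAXException):
    """Raised when a name or a run of character data exceeds a configured cap (assumed name)."""


class BoundedCoalescingFilter(XMLFilterBase):
    """SAX filter that joins split characters() events into one event per text run,
    refuses to buffer more than max_text_len characters, and rejects element or
    attribute names longer than max_name_len. Limits are this example's assumption."""

    def __init__(self, parent=None, max_name_len=16 * 1024, max_text_len=1 << 20):
        super().__init__(parent)
        self.max_name_len = max_name_len
        self.max_text_len = max_text_len
        self._chunks = []     # buffered pieces of the current text run
        self._buffered = 0    # total characters currently buffered

    def _check_name(self, kind, name):
        if len(name) > self.max_name_len:
            raise LimitExceeded(f"{kind} name of {len(name)} chars exceeds cap {self.max_name_len}")

    def _flush(self):
        # Deliver the whole text run to the downstream handler as one event.
        if self._chunks:
            text = "".join(self._chunks)
            self._chunks = []
            self._buffered = 0
            super().characters(text)

    def startElement(self, name, attrs):
        self._flush()
        self._check_name("element", name)
        for attr_name in attrs.getNames():
            self._check_name("attribute", attr_name)
        super().startElement(name, attrs)

    def endElement(self, name):
        self._flush()
        super().endElement(name)

    def processingInstruction(self, target, data):
        self._flush()  # keep event order intact for PIs inside text
        super().processingInstruction(target, data)

    def characters(self, content):
        # Check before buffering, so memory never grows past the cap even if
        # the sender keeps streaming characters after a start tag.
        if self._buffered + len(content) > self.max_text_len:
            raise LimitExceeded(f"character data exceeds cap {self.max_text_len}")
        self._chunks.append(content)
        self._buffered += len(content)

    def endDocument(self):
        self._flush()
        super().endDocument()


class EventRecorder(handler.ContentHandler):
    """Downstream handler that records the events it receives, for inspection."""

    def __init__(self):
        super().__init__()
        self.events = []

    def startElement(self, name, attrs):
        self.events.append(("start", name))

    def endElement(self, name):
        self.events.append(("end", name))

    def characters(self, content):
        self.events.append(("chars", content))


def parse_bounded(xml_bytes, max_name_len=16 * 1024, max_text_len=1 << 20):
    """Parse xml_bytes through the filter and return the recorded events."""
    reader = xml.sax.make_parser()
    filt = BoundedCoalescingFilter(reader, max_name_len, max_text_len)
    recorder = EventRecorder()
    filt.setContentHandler(recorder)
    filt.parse(io.BytesIO(xml_bytes))
    return recorder.events


def classify(xml_bytes, **limits):
    """Return the event list, or the string 'rejected' when a cap was hit."""
    try:
        return parse_bounded(xml_bytes, **limits)
    except LimitExceeded:
        return "rejected"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    print(classify(b"<doc><p>a &amp; b</p></doc>"))                       # one coalesced text event
    print(classify(b"<" + b"a" * 20000 + b"/>"))                           # name over 16K: rejected
    print(classify(b"<doc>" + b"x" * 5000 + b"</doc>", max_text_len=4096))  # text over cap: rejected
```

The check in `characters()` runs before the chunk is appended, so the filter's memory use is bounded by `max_text_len` regardless of how the underlying parser splits the text, and a document that stays under the caps still reaches the content handler as a single `characters()` call per text run.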