At 7:36 PM -0500 3/4/03, David Megginson wrote:
>K. Ari Krupnikov writes:
>
> > How much of a "violation" would it be to have a caching XMLFilter that
> > would report all contiguous character data in a single event,
> > including across entity boundaries?
>
>If you did this, though, I'd suggest still putting in a hard-coded
>limit. In fact, as XML gets used in more security-sensitive
>environments, we may need to consider putting (very high) limits on
>everything to avoid various attacks.

The theoretical maximum size of a Java array is 2.1 billion items
(2^31 to be precise). Thus even with oodles of memory it's not always
possible to stuff everything into a single call, especially if you
think there might be things like Base-64 encoded movies hiding in the
XML document somewhere.
--
+-----------------------+------------------------+-------------------+
| Elliotte Rusty Harold | elharo@metalab.unc.edu | Writer/Programmer |
+-----------------------+------------------------+-------------------+
| Processing XML with Java (Addison-Wesley, 2002) |
| http://www.cafeconleche.org/books/xmljava |
| http://www.amazon.com/exec/obidos/ISBN%3D0201771861/cafeaulaitA |
+----------------------------------+---------------------------------+
| Read Cafe au Lait for Java News: http://www.cafeaulait.org/ |
| Read Cafe con Leche for XML News: http://www.cafeconleche.org/ |
+----------------------------------+---------------------------------+
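
The bounded coalescing filter discussed in this thread, as an added example (not code from the thread's participants or from the SAX distribution). It assumes that reaching the limit should split the text into chunks rather than abort the parse; the class name `CoalescingTextFilter` and the `maxChars` parameter are hypothetical.

```java
import java.io.StringReader;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
import org.xml.sax.helpers.XMLFilterImpl;

// Added illustration (not from the thread); maxChars is a hypothetical, caller-chosen cap.
public class CoalescingTextFilter extends XMLFilterImpl {
    private final int maxChars;
    private final StringBuilder buf = new StringBuilder();
    public CoalescingTextFilter(int maxChars) {
        if (maxChars <= 0) throw new IllegalArgumentException("maxChars must be > 0");
        this.maxChars = maxChars;
    }
    @Override public void characters(char[] ch, int start, int length) throws SAXException {
        while (length > 0) {                       // copy in pieces so buf never exceeds the cap
            int n = Math.min(length, maxChars - buf.length());
            buf.append(ch, start, n);
            start += n; length -= n;
            if (buf.length() == maxChars) flush(); // cap reached: report a full chunk now
        }
    }
    private void flush() throws SAXException {
        char[] out = buf.toString().toCharArray();
        buf.setLength(0);
        if (out.length > 0) super.characters(out, 0, out.length);
    }

    // Any other content event ends the run of text. Entity and CDATA boundaries are
    // LexicalHandler events, which this filter does not receive, so text spans them.
    @Override public void startPrefixMapping(String p, String u) throws SAXException { flush(); super.startPrefixMapping(p, u); }
    @Override public void startElement(String u, String l, String q, Attributes a) throws SAXException { flush(); super.startElement(u, l, q, a); }
    @Override public void endElement(String u, String l, String q) throws SAXException { flush(); super.endElement(u, l, q); }
    @Override public void processingInstruction(String t, String d) throws SAXException { flush(); super.processingInstruction(t, d); }
    @Override public void ignorableWhitespace(char[] c, int s, int n) throws SAXException { flush(); super.ignorableWhitespace(c, s, n); }
    @Override public void skippedEntity(String name) throws SAXException { flush(); super.skippedEntity(name); }

    public static void main(String[] args) throws Exception {
        String xml = "<a>one &amp; two<![CDATA[ <three> ]]>four<b/>tail</a>"; // constructed sample
        CoalescingTextFilter filter = new CoalescingTextFilter(16);
        filter.setParent(SAXParserFactory.newInstance().newSAXParser().getXMLReader());
        filter.setContentHandler(new DefaultHandler() {
            @Override public void characters(char[] ch, int s, int n) { System.out.println("text[" + n + "]: " + new String(ch, s, n)); }
        });
        filter.parse(new InputSource(new StringReader(xml)));
    }
}
```

A filter that should reject oversized text outright, rather than chunk it, can throw a `SAXException` from `characters()` when the cap is reached instead of calling `flush()`.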