[
Lists Home |
Date Index |
Thread Index
]
David Megginson <david@megginson.com> writes:
> K. Ari Krupnikov writes:
>
> > Would you report it as a (perhaps recoverable) error? Braking
> > character data into multiple events would defy the purpose of this
> > filter (to relieve content handlers from the need to do that
> > themselves) and do nothing to solve the security issue.
>
> Here's an easy attack -- send you a start tag, then just keep sending
> random alphanumeric characters until your system chokes. An arbitrary
> limit -- even a very high one, like a few gigabytes -- would be useful.
I see your point - introducing the potential for memory exhaustion in
an API that otherwise does not deal with memory allocation. But since
some memory will likely be allocated to store information from chunks
of the document (you can't always stream /everything/), you could as
easily choke my system by sending me empty start tags in the right
position in the document.
I did not originally have streaming applications with large character
content sections in mind. Thank you for pointing out a limit to this
filter's application domain -- I shall include it in the documentation.
Ari.
|
