OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Extra headaches of securing XML

[ Lists Home | Date Index | Thread Index ]

I'd be surprised if at this point in our history, any would 
reverse two bedrock design decisions and one prejudice:

1. Declaration is hardwired so really ignored by XML.  I'd bet only
   two in five people who work with XML know what an SGML Declaration is 
   and one of them is retiring next year.  It also has features that 
   no one claims to understand let alone knows how to implement, so 
   Lord knows what those would do to the complexity/security problem 
   Tim mentioned.

2. DTDs are bad and validation is optional (except when they aren't such 
   as getting nbsp past IE or overcoming the malformed markup produced 
   by HTML/DHTML era objects).

but a small cadre at Extreme Markup would giggle into 
the wee hours of the morning.

This could restart an old thread about putting 
something-like the SGML Declaration into XML.


(back to cursing the DHTMLEditControl that outputs 
 SGML-like markup that can't be stuffed easily into 
 XML without hacks)

From: Gregory Murphy [mailto:Gregory.Murphy@eng.sun.com]

Maybe SGML would be more secure? Hard limits on element name sizes and
attribute counts could be enforced in the SGML declaration.


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS