[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Re: [xml-dev] Wikipedia on XML
- From: Liam Quin <liam@w3.org>
- To: Amelia A Lewis <amyzing@talsever.com>
- Date: Mon, 24 Aug 2009 23:08:30 -0400
On Mon, Aug 24, 2009 at 11:09:37AM -0400, Amelia A Lewis wrote:
> On Mon, 24 Aug 2009 11:07:34 +0200, Michael Ludwig wrote:
> > Precisely why the internal DTD subset should be such a problem,
> > I don't understand.
[...]
>
> Google "billion laughs".
Google "poorly-trained programmers who write bad code" :)
JavaScript has as many vulnerabilities as XML in this regard
(and watch for all those books and articles saying you
load JSON in a browser using "eval")
There _is_ an issue with an external DTD subset that I think
is a real one, although perhaps not as major as some say -
browser writers want to avoid having to download a file that
can change the structure of the document, as then either the
browser must wait before rendering anything, or the document
may need to be rendered again from scratch. E.g. a dtd that
puts the root element in a different namespace using a fixed
attribute.
Liam
--
Liam Quin, W3C XML Activity Lead, http://www.w3.org/People/Quin/
http://www.holoweb.net/~liam/ * http://www.fromoldbooks.org/
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
