[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Re: [xml-dev] Namespace prefixes are a security risk
- From: David Carlisle <davidc@nag.co.uk>
- To: "Costello, Roger L." <costello@mitre.org>
- Date: Tue, 29 Dec 2009 01:26:35 GMT
> I welcome your comments.
as others have said, there is no reason to single out out namespace
prefixes. Information can be encoded in the use of white space, or the
choice of " or ' around attribute values for example. Also the posted
code has a real chance of breaking the docuement as it doesn't consider
qnames in content. If for example you applied that to a xslt stylesheet
to normalise the prefixes used, then all xpaths within the stylesheet
would break unless you changed them to match which isn't really possible
without access to an xpath parser at run time.
David
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
