XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] Embedding image files in XML using data URLs

> An xs:anyURI value can be a data URL.

that's hardly surprising given that (in later interpretations of xsd) any string is valid xs:anyURI value.

> An xs:anyURI value can either link to external data or it can inline the data using a data URL.
or said differently   an xsl:anyURI value can refer to a resource by its URI

> A data URL in an XML instance document exposes the recipient of the XML to the risks described above. Namely, link filters can be circumvented and undesirable data can be smuggled in without notice.


shrug, I don't think those risks are particularly the result of anyURI. If you interpret any XML you get from anywhere it's up to you to ensure that that interpretation is safe.

If it was encoded as a string <base64image>wAARCADqATkDASIA....</base64image> then there are no URI involved but you still have to decide whether or not it is safe to decode the base64.and do something with the result.




David


 
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS