Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Malicious documents? (WAS: Interesting mailing list & a ra
 David Megginson had a nice piece to this effect a few years ago: http://www.megginson.com/ugly/index.html "When XML Turns Ugly" This was pre-schema, and still largely client-oriented, but has a lot of interesting pieces on the dangers of XML processing. At 11:24 AM 6/8/2002 +0100, Miles Sabin wrote: >Yes it is, but it's now pretty widely understood that HTML (with or >without embedded scripts or objects) can be dangerous on the client. > >I don't think there's the same understanding of vulnerabilities on the >server side: if you POST and HTML document to a server you wouldn't >normally expect it to attempt to retrieve images or execute embedded >scripts or objects. OTOH, with an XML POST to a validating XML >processor, retrieval of referenced external enities is precisely what's >going to happen in many cases. Simon St.Laurent "Every day in every way I'm getting better and better." - Emile Coue 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
