Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Malicious documents? (WAS: Interesting mailing list & a r
 Ronald Bourret wrote > Worse yet, this isn't limited to validation. A parser is free to read an > external DTD (to get attribute defaults and entity values) even when it > isn't validating. I haven't looked at any of the parsers I've used > closely enough, but it would surprise me if any had a way to turn this > completely off. > Hi Ron, prepare to be pleasantly surprised. There is a standard feature in SAX called "http://xml.org/sax/features/external-parameter-entities", which prevents the parser from reading any external entities - including the external DTD subset. Not all SAX parsers support this feature, but many do (ours included). Regards ~Rob -- Rob Lugt ElCel Technology http://www.elcel.com/ 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
