RE: Malicious documents? (WAS: Interesting mailing list & a r
> > But then we have a slightly different problem. Developers > who try to > > do the right thing will be hit by interoperability issues. > Either that > > or they have to specify a particular (set of) SAX implementation(s) > > which somewhat undermines SAX as a common API. > > > > On reflection, I think that SAX should be tweaked to at > least require > > support for this feature, and maybe mandate that the > default be to not > > retrieve external entities. > A better solution is to nominate an EntityResolver. This will be called to check all references to external URIs. If you don't want the parser to fetch HTTP URIs, your EntityResolver can prevent it. All SAX parsers, I think, have to support this interface. Michael Kay Software AG home: Michael.H.Kay@n... work: Michael.Kay@s...
PURCHASE STYLUS STUDIO ONLINE TODAY!
Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!
Download The World's Best XML IDE!
Accelerate XML development with our award-winning XML IDE - Download a free trial today!
Subscribe in XML format