[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Malicious documents?

• To: xml-dev@l...
• Subject: Re: Malicious documents?
• From: Richard Tobin <richard@c...>
• Date: Wed, 12 Jun 2002 17:31:38 +0100 (BST)
• Cc:
• In-reply-to: <200206080937.10010.miles@m...>
• Organization: HCRC, University of Edinburgh

I see that merely by visiting a page with a *really* big font you can
crash your X server (http://www.theregister.co.uk/content/55/25689.html).

Similarly I can hang Mozilla by loading the old "billion laughs"
document (http://www.cogsci.ed.ac.uk/~richard/billion-laughs.xml -
don't try it unless you're willing to restart your browser).

I had to install several checks on my XML checking page
(http://www.cogsci.ed.ac.uk/~richard/xml-check.html), in one case to
prevent it being used to download advertising images for which the
abuser presumably received payment per hit.

-- Richard

• References:
  • Malicious documents? (WAS: Interesting mailing list & a rare broadside)
    • From: Miles Sabin <miles@m...>

• Prev by Date: Re: W3C Schema: Resistance is Futile, says Don Box
• Next by Date: RE: Periodic plea for a bit of throttling back
• Previous by thread: Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
• Next by thread: Re: Interesting mailing list & a rare broadside
• Index(es):
  • Date
  • Thread