Re: Malicious XML
Karl Waclawek wrote:

>are there any well-known ways to protect against
>malicious XML, e.g. XML that causes your parser
>to eat up all memory?

I can't find a way to produce malicious XML without having extremely large files, since recursive entity references are not allowed. Here's one example of a recursive entity reference:

    <?xml version="1.0"?>
    <!DOCTYPE a [
    <!ENTITY a "<element>&b;</element>">
    <!ENTITY b "&a;">
    ]>
    <element>&a;</element>

Interestingly enough, this caused MSIE 6 to crash, but I'd say that's because of the malicious parser. Mozilla 1 does the right thing:

    XML Parsing Error: recursive entity reference
    Location: file:///E:/test/circle.xml
    Line Number 6, Column 10:
    <element>&a;</element>
    ---------^

Has anyone else succeeded in producing a small, malicious and well-formed XML document?

Gustaf
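The recursion check that Mozilla reports above can be sketched as a cycle search over the entity declarations. This is an added example, not part of the original post or of any parser's code; the function names are hypothetical, and it assumes the declarations sit in the internal subset as plain quoted literals (no comments or external DTD).

```python
import re

# Constructed sample: the document from the post above.
CIRCLE_XML = '''<?xml version="1.0"?>
<!DOCTYPE a [
<!ENTITY a "<element>&b;</element>">
<!ENTITY b "&a;">
]>
<element>&a;</element>'''

# General entity declarations with a literal value: <!ENTITY name "value">.
# Parameter entities (<!ENTITY % ...>) and SYSTEM/PUBLIC entities do not match.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([^\s%"\']+)\s+(?:"([^"]*)"|\'([^\']*)\')')
# Named references only; character references such as &#38; are excluded by '#'.
ENTITY_REF = re.compile(r'&([^\s#;&]+);')

def entity_graph(xml_text):
    """Map each declared general entity to the entities its value references."""
    graph = {}
    for name, dq, sq in ENTITY_DECL.findall(xml_text):
        # XML binds the first declaration of a name; later ones are ignored.
        graph.setdefault(name, ENTITY_REF.findall(dq or sq))
    return graph

def find_entity_cycle(xml_text):
    """Return one reference cycle as a list of names, or None if there is none."""
    graph = entity_graph(xml_text)
    done = set()  # entities already proven cycle-free

    def visit(name, path):
        if name in path:
            return path[path.index(name):] + [name]
        if name in done or name not in graph:
            return None  # already checked, or predefined/undeclared (e.g. &amp;)
        for ref in graph[name]:
            cycle = visit(ref, path + [name])
            if cycle:
                return cycle
        done.add(name)
        return None

    for name in graph:
        cycle = visit(name, [])
        if cycle:
            return cycle
    return None

if __name__ == "__main__":
    print(find_entity_cycle(CIRCLE_XML))
```

Because the search only walks the declaration graph, it finishes without expanding any entity, so the check itself never recurses on the input the way the crashing parser did.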