Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: The subsetting has begun
 > At 9:08 AM -0500 2/21/03, Karl Waclawek wrote: > > >There is one reason that is valid, IMO, and that is to prevent > >"a million laughs" attacks. > > This is not a decision that should be made at the parser level > though. Parsers do need to process documents that contain document > type declarations. No one should ship a parser that simply gives up > when it encounters a document type declaration. I agree. It would be nice, however, if SAX for instance allowed an application to stop parsing (based on an event) without having to throw an exception. > An application such as SOAP may decide it doesn't want to accept > document type declarations, and reject documents that contain them, > perhaps to avoid the billion laughs attack, perhaps for other > reasons. I still think that's a bad idea, but it's not nearly as bad > an idea as what's happening in JSR 172. This is turning up the > subsetting a notch. Now the parser is making the decision to reject > documents that contain document type declarations rather than the > application using the parser. SOAP's mistake only affects SOAP. This > affects everybody using that parser for any application. > > In brief, the SOAP subset is now infecting the rest of XML. This > needs to be stopped. Well, I am no friend of XML RPC anyway, so you have my vote there. Karl 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
