[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Malicious documents? (WAS: Interesting mailing list & a ra

• To: xml-dev@l...
• Subject: Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
• From: Ronald Bourret <rpbourret@r...>
• Date: Mon, 10 Jun 2002 00:44:26 -0700
• References: <000a01c20ecc$90ebb980$887ba8c0@mitchum> <200206081044.42559.miles@m...>

Miles Sabin wrote:
> The more worrying cases are documents which don't have any such intended
> semantics (ie. just dumb data), but get them willy nilly thanks to the
> implicit retrieval semantics of validation.

Worse yet, this isn't limited to validation. A parser is free to read an
external DTD (to get attribute defaults and entity values) even when it
isn't validating. I haven't looked at any of the parsers I've used
closely enough, but it would surprise me if any had a way to turn this
completely off.

-- Ron

• Follow-Ups:
  • Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
    • From: "Rob Lugt" <roblugt@e...>

• References:
  • RE: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
    • From: Bill de hÓra <dehora@e...>
  • Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
    • From: Miles Sabin <miles@m...>

• Prev by Date: Re: Formatting XML
• Next by Date: How to find out the name of the tag where my xmldocument did not validate
• Previous by thread: Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
• Next by thread: Re: Malicious documents? (WAS: Interesting mailing list & a rare broadside)
• Index(es):
  • Date
  • Thread