Re: Malicious documents? (WAS: Interesting mailing list & a r
Rob Lugt wrote,

> Miles Sabin wrote
> > Which means that even if developers are aware that they ought to
> > disable external entity retrieval, and are aware of how to do it,
> > they have no guarantee that it'll actually happen.
>
> Sure they do. If the SAX parser they are using doesn't support the
> feature, then they'll get an UnsupportedFeatureException when they
> try to set it.

But then we have a slightly different problem. Developers who try to do the right thing will be hit by interoperability issues. Either that or they have to specify a particular (set of) SAX implementation(s) which somewhat undermines SAX as a common API.

On reflection, I think that SAX should be tweaked to at least require support for this feature, and maybe mandate that the default be to not retrieve external entities.

Cheers,

Miles
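The fail-closed pattern this exchange points toward, as an added example that is not part of the original message or of any SAX distribution: it uses Python's `xml.sax` binding of SAX2, where an unsupported feature raises `SAXNotRecognizedException` or `SAXNotSupportedException`. The names `harden`, `parse_untrusted`, `UnsafeParserError`, `TextCollector`, `RecordingResolver` and the sample document are constructed for illustration.

```python
import io
import xml.sax
from xml.sax import SAXNotRecognizedException, SAXNotSupportedException
from xml.sax.handler import (ContentHandler, EntityResolver,
                             feature_external_ges, feature_external_pes)

# Constructed sample: a document whose body references an external entity.
SAMPLE = (b'<!DOCTYPE note [<!ENTITY ext SYSTEM '
          b'"file:///nonexistent/constructed-example.txt">]>'
          b'<note>before &ext; after</note>')

class UnsafeParserError(RuntimeError):
    """The reader cannot guarantee that external entities stay unfetched."""

def harden(reader):
    """Turn off external entity retrieval on any SAX2 reader, or refuse it."""
    for feature in (feature_external_ges, feature_external_pes):
        try:
            reader.setFeature(feature, False)
            still_on = reader.getFeature(feature)  # read back, no silent no-op
        except (SAXNotRecognizedException, SAXNotSupportedException) as exc:
            # An implementation that cannot honour the request is rejected
            # instead of being used with whatever default it ships.
            raise UnsafeParserError(f"cannot disable {feature}: {exc}") from exc
        if still_on:
            raise UnsafeParserError(f"{feature} is still enabled")
    return reader

class TextCollector(ContentHandler):
    def __init__(self):
        super().__init__()
        self.text = []
    def characters(self, content):
        self.text.append(content)

class RecordingResolver(EntityResolver):
    """Second line of defence: logs any retrieval attempt, fetches nothing."""
    def __init__(self):
        self.requested = []
    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        return io.BytesIO(b"")

def parse_untrusted(data, reader=None):
    reader = harden(xml.sax.make_parser() if reader is None else reader)
    handler, resolver = TextCollector(), RecordingResolver()
    reader.setContentHandler(handler)
    reader.setEntityResolver(resolver)
    reader.parse(io.BytesIO(data))
    return "".join(handler.text), resolver.requested

if __name__ == "__main__":
    print(parse_untrusted(SAMPLE))
```

Passing a reader that lacks the feature (for instance the bare `xml.sax.xmlreader.XMLReader` base class) makes `harden` raise `UnsafeParserError`, which is the interoperability cost the message describes.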