[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Extra headaches of securing XML
I'd be surprised if at this point in our history, any would reverse two bedrock design decisions and one prejudice: 1. Declaration is hardwired so really ignored by XML. I'd bet only two in five people who work with XML know what an SGML Declaration is and one of them is retiring next year. It also has features that no one claims to understand let alone knows how to implement, so Lord knows what those would do to the complexity/security problem Tim mentioned. 2. DTDs are bad and validation is optional (except when they aren't such as getting nbsp past IE or overcoming the malformed markup produced by HTML/DHTML era objects). but a small cadre at Extreme Markup would giggle into the wee hours of the morning. This could restart an old thread about putting something-like the SGML Declaration into XML. len (back to cursing the DHTMLEditControl that outputs SGML-like markup that can't be stuffed easily into XML without hacks) - From: Gregory Murphy [mailto:Gregory.Murphy@e...] Maybe SGML would be more secure? Hard limits on element name sizes and attribute counts could be enforced in the SGML declaration.
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|