Altova Mailing List Archives

RE: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)

From: "Michael Kay" <michael.h.kay@--------.--->
To: "'Rob Lugt'" <roblugt@-----.--->,"'Miles Sabin'" <miles@----------.--->,<xml-dev@-----.---.--->
Date: 6/10/2002 2:41:00 PM
> > But then we have a slightly different problem. Developers who try to
> > do the right thing will be hit by interoperability issues. Either that
> > or they have to specify a particular (set of) SAX implementation(s)
> > which somewhat undermines SAX as a common API.
> >
> > On reflection, I think that SAX should be tweaked to at least require
> > support for this feature, and maybe mandate that the default be to not
> > retrieve external entities.

A better solution is to nominate an EntityResolver. This will be called
to check all references to external URIs. If you don't want the parser
to fetch HTTP URIs, your EntityResolver can prevent it. All SAX parsers,
I think, have to support this interface.

Michael Kay
Software AG
home: Michael.H.Kay@n...
work: Michael.Kay@s...
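
The approach described in the message above, as an added example that is not part of the original post: a SAX `EntityResolver` that refuses every external entity not on an allowlist, so the parser never dereferences the URI. The class names, the allowlist and the sample document are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Set;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class DenyingResolverDemo {
    /** Hypothetical helper: allows only system IDs on an explicit allowlist. */
    static final class AllowlistResolver implements EntityResolver {
        private final Set<String> allowed;
        AllowlistResolver(Set<String> allowed) { this.allowed = allowed; }

        @Override
        public InputSource resolveEntity(String publicId, String systemId)
                throws SAXException, IOException {
            // Called for the external DTD subset and for each external entity.
            if (allowed.contains(systemId)) {
                return null; // null tells the parser to open the system ID itself
            }
            // Abort the parse rather than fetch. To continue with empty content
            // instead, return new InputSource(new StringReader("")).
            throw new SAXException("external entity refused: " + systemId);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the DTD declares an external entity over HTTP.
        String xml = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE doc [ <!ENTITY ext SYSTEM \"http://example.invalid/ext.xml\"> ]>\n"
                + "<doc>&ext;</doc>";

        XMLReader reader = SAXParserFactory.newInstance().newSAXParser().getXMLReader();
        reader.setContentHandler(new DefaultHandler());
        reader.setEntityResolver(new AllowlistResolver(Set.of())); // empty list: deny all

        try {
            reader.parse(new InputSource(new StringReader(xml)));
            System.out.println("parsed: no external entity was refused");
        } catch (SAXException e) {
            System.out.println("parse stopped: " + e.getMessage());
        }
    }
}
```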

