Altova Mailing List Archives
>xml-dev Archive Home
>Thread Prev - Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
>Thread Next - Re: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
RE: [xml-dev] Malicious documents? (WAS: Interesting mailing list & a rare broadside)
To: "'Rob Lugt'" <roblugt@-----.--->,"'Miles Sabin'" <miles@----------.--->,<xml-dev@-----.---.--->
Date: 6/10/2002 2:41:00 PM
> > But then we have a slightly different problem. Developers > who try to > > do the right thing will be hit by interoperability issues. > Either that > > or they have to specify a particular (set of) SAX implementation(s) > > which somewhat undermines SAX as a common API. > > > > On reflection, I think that SAX should be tweaked to at > least require > > support for this feature, and maybe mandate that the > default be to not > > retrieve external entities. > A better solution is to nominate an EntityResolver. This will be called to check all references to external URIs. If you don't want the parser to fetch HTTP URIs, your EntityResolver can prevent it. All SAX parsers, I think, have to support this interface. Michael Kay Software AG home: Michael.H.Kay@n... work: Michael.Kay@s...