|
oss-sec
mailing list archives
Robust XML validation
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 12 Dec 2012 18:11:47 +0100
I'm working on guidelines for robust XML parsing and I noticed that
there are some denial-of-service issues related to validation which do
not seem widely documented (but were apparently known when SGML was
specified).
I wonder if we should care about this in the sense that we should
prepare fixes, or if it is sufficient to recommend to validate against
trusted schemas/DTDs only. (I've found an implementation which gets
right the things I tested so far, so efficient implementations aren't
impossible.)
--
Florian Weimer / Red Hat Product Security Team
 By Date 
By Thread
Current thread:
- Robust XML validation Florian Weimer (Dec 12)
|
