W3C home > Mailing lists > Public > public-xml-er@w3.org > February 2012

Re: Draft - Fixup or Full XML Parser

From: Liam R E Quin <liam@w3.org>
Date: Tue, 21 Feb 2012 20:20:23 -0500
To: Norman Walsh <ndw@nwalsh.com>
Cc: W3C XML-ER Community Group <public-xml-er@w3.org>
Message-ID: <1329873623.15237.143.camel@localhost.localdomain>
On Tue, 2012-02-21 at 17:07 -0500, Norman Walsh wrote:

> I'm in favor of predefining all the html5/mathml entities.
Makes sense, Witin 2 years every RSS reader on the planet will need to
be updated, though.

>  And
> presented with "&flubber;", where no definition of the flubber entity
> is known (for whatever reason, TBD), I think "&amp;flubber;" is about
> the best recovery we could hope for.

Going and fetching the definition of &flubber; from the DTD does not
seem unreasonable.  Browsers stopped fetching DTDs and processing entity
definitions after the stupid "billion laughs" fud (it was a real attack,
but exactly the same attack obviously works for javascript too, with
exactly the same one-line fix, and people didn't stop using javascript).

There's content out there that assumes entity definitions work.

So one possible strategy might be to fetch a DTD only at the point where
the parser sees an undeclared entity.

This wouldn't help people who do
<!ENTITY egrave SYSTEM "egrave.xml">
and expect &egrave; to include a file, since &egrave; won't trigger
fetching the DTD.

Liam

-- 
Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/
Pictures from old books: http://fromoldbooks.org/
Received on Wednesday, 22 February 2012 01:22:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 22 February 2012 01:22:23 GMT