W3C home > Mailing lists > Public > xmlschema-dev@w3.org > July 2005

XSV potential issue

From: Cory Virok <cory@dolphtech.com>
Date: Thu, 14 Jul 2005 09:56:23 -0400
Message-ID: <42D66F07.8050206@dolphtech.com>
To: xmlschema-dev@w3.org

To whom it may concern,

I was using the XSV utility today, 
(http://www.w3.org/2001/03/webdata/xsv works great! thanks) and saw that 
there was no problems in importing any file on the server within my schema.

Ex: try validating this:

<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:blah="ns" 
elementFormDefault="qualified" attributeFormDefault="unqualified">
    <xs:import namespace="blah" schemaLocation="/etc/passwd"/>

You'll get errors, of course since /etc/passwd is not valid XML, but the 
fact that the XSV server has access to it is a potential danger.

Thought you might like to know,
- Cory Virok
Received on Friday, 15 July 2005 04:03:08 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:56:08 UTC