- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Mon, 06 Sep 2004 21:13:52 +0200
- To: Liam Quinn <liam@htmlhelp.com>
- Cc: QA Dev <public-qa-dev@w3.org>
* Liam Quinn wrote:
>I suspect that "file" URIs would also work if SP_WININET were defined,
>although -R doesn't help that situation.

It does not work using onsgmls and it seems that guessIsId() should reject any non-HTTP scheme request for both the WinInet and the URL storage managers. This might change though as there is some interest in storing catalogs, DTDs, etc. in e.g. a single DLL or EXE to ship just one file.

>The last item and "<OSFILE>/etc/passwd" are the threats relevant to -R.

Right, I've created http://esw.w3.org/topic/MarkupValidator/Threats and noted this as an additional case. This can also be used for denial of service attacks, due to the number of copies OpenSP creates of a system identifier, and that those are all stored using >= 32 Bit for each char, having a large <LITERAL> might consume all available memory.

Received on Monday, 6 September 2004 19:14:40 UTC
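
A pre-parse policy check that a validator front end could apply to the system identifiers discussed in this message. This is an added example, not part of the original e-mail and not code from OpenSP or the Markup Validator. The length cap, the base URL, the sample document and all function names are assumptions, and the declaration scan is a regular expression rather than an SGML parser.

```python
import re
from urllib.parse import urljoin, urlsplit

MAX_SYSID_CHARS = 1024       # assumed cap; bounds memory used per identifier
ALLOWED_SCHEMES = {"http"}   # the message suggests rejecting non-HTTP schemes

# External identifiers in DOCTYPE/ENTITY declarations:
#   SYSTEM "sysid"   or   PUBLIC "pubid" "sysid"
_EXTID = re.compile(
    r"""\b(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s+("[^"]*"|'[^']*')""",
    re.IGNORECASE,
)

def check_system_identifier(sysid, base_url):
    """Return (True, resolved_url) or (False, reason) for one identifier."""
    if len(sysid) > MAX_SYSID_CHARS:
        return False, "too long"
    # '<' opens a storage manager prefix such as <OSFILE> or <LITERAL> and is
    # not valid in a URI. Reject it before resolving: urljoin would otherwise
    # turn "<OSFILE>/etc/passwd" into a harmless-looking http:// URL.
    if "<" in sysid:
        return False, "storage manager prefix"
    resolved = urljoin(base_url, sysid.strip())
    scheme = urlsplit(resolved).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: " + (scheme or "none")
    return True, resolved

def audit_document(text, base_url):
    """Return [(identifier, reason)] for every rejected external identifier."""
    rejected = []
    for match in _EXTID.finditer(text):
        sysid = match.group(1)[1:-1]          # strip the surrounding quotes
        ok, reason = check_system_identifier(sysid, base_url)
        if not ok:
            rejected.append((sysid[:40], reason))   # truncate for logging
    return rejected

# Constructed sample input, not taken from a real submission.
BASE = "http://validator.example/docs/page.html"
SAMPLE = '''<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
  "http://www.w3.org/TR/html4/strict.dtd" [
<!ENTITY a SYSTEM "<OSFILE>/etc/passwd">
<!ENTITY b SYSTEM "file:///etc/passwd">
<!ENTITY c SYSTEM "local.dtd">
]>'''
```

A scan like this complements, and does not replace, rejecting such identifiers inside the parser's storage managers, since identifiers built through parameter entities are not visible to a regular expression.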