- From: Dirk Schulze via GitHub <sysbot+gh@w3.org>
- Date: Tue, 16 Apr 2019 05:56:54 +0000
- To: public-svg-issues@w3.org
dirkschulze has just created a new issue for https://github.com/w3c/svgwg: == [svg-native] Support for XML entities/CDATA required? == Could remove the requirement to support XML entities? Maybe even say implementations _should_ not support it? XML entities require a special XML parser. Furthermore, there are attack patterns like the [billion laughs attack](https://en.wikipedia.org/wiki/Billion_laughs_attack) that could mean a security but at least reliability threat. SVG OT uses _should not_ as well. Please view or discuss this issue at https://github.com/w3c/svgwg/issues/672 using your GitHub account
Received on Tuesday, 16 April 2019 05:56:56 UTC