[svgwg] [svg-native] Support for XML entities/CDATA required? (#672) from Dirk Schulze via GitHub on 2019-04-16 (public-svg-issues@w3.org from April 2019)

From: Dirk Schulze via GitHub <sysbot+gh@w3.org>
Date: Tue, 16 Apr 2019 05:56:54 +0000
To: public-svg-issues@w3.org
Message-ID: <issues.opened-433595936-1555394212-sysbot+gh@w3.org>

dirkschulze has just created a new issue for https://github.com/w3c/svgwg:

== [svg-native] Support for XML entities/CDATA required? ==
Could remove the requirement to support XML entities? Maybe even say implementations _should_ not support it? XML entities require a special XML parser. Furthermore, there are attack patterns like the [billion laughs attack](https://en.wikipedia.org/wiki/Billion_laughs_attack) that could mean a security but at least reliability threat.

SVG OT uses _should not_ as well.

Please view or discuss this issue at https://github.com/w3c/svgwg/issues/672 using your GitHub account

Received on Tuesday, 16 April 2019 05:56:56 UTC