- From: Dirk Schulze via GitHub <sysbot+gh@w3.org>
- Date: Tue, 16 Apr 2019 05:57:16 +0000
- To: public-svg-issues@w3.org
dirkschulze has just labeled an issue for https://github.com/w3c/svgwg as "SVG Native": == [svg-native] Support for XML entities/CDATA required? == Could remove the requirement to support XML entities? Maybe even say implementations _should not_ support it? XML entities require a special XML parser. Furthermore, there are attack patterns like the [billion laughs attack](https://en.wikipedia.org/wiki/Billion_laughs_attack) that could mean a security but at least reliability threat. SVG OT uses _should not_ as well. See https://github.com/w3c/svgwg/issues/672
Received on Tuesday, 16 April 2019 05:57:18 UTC