[svgwg] Issue: [svg-native] Support for XML entities/CDATA required? (#672) marked as SVG Native from Dirk Schulze via GitHub on 2019-04-16 (public-svg-issues@w3.org from April 2019)

From: Dirk Schulze via GitHub <sysbot+gh@w3.org>
Date: Tue, 16 Apr 2019 05:57:16 +0000
To: public-svg-issues@w3.org
Message-ID: <issues.labeled-433595936-None-sysbot+gh@w3.org>

dirkschulze has just labeled an issue for https://github.com/w3c/svgwg as "SVG Native":

== [svg-native] Support for XML entities/CDATA required? ==
Could remove the requirement to support XML entities? Maybe even say implementations _should not_ support it? XML entities require a special XML parser. Furthermore, there are attack patterns like the [billion laughs attack](https://en.wikipedia.org/wiki/Billion_laughs_attack) that could mean a security but at least reliability threat.

SVG OT uses _should not_ as well.

See https://github.com/w3c/svgwg/issues/672

Received on Tuesday, 16 April 2019 05:57:18 UTC