- From: Chris Lilley via GitHub <sysbot+gh@w3.org>
- Date: Wed, 17 Apr 2019 17:57:49 +0000
- To: public-svg-issues@w3.org
XML entities (and all the rest of the internal DTD subset) are required by a fully conforming XML parser. Note that this is entirely separate from whether it uses the DTD (internal subset, and external subset) for DTD validation. Even a parser which just does well-formedness checks needs to parse *and then ignore* all the DTD syntax, although it is still required to perform entity substitution and fill in attribute defaults.

This is a well-known problem, and means that most of the implementation burden for an XML parser is for parts of the language that are only used in DTDs. It also is a [security issue](https://en.wikipedia.org/wiki/XML_external_entity_attack), because it is trivially easy to make memory explode. Entity A is "1234567890" and entity B is ten of entity A, and entity Z requires petabytes of storage.

This has caused some to [call for an XML 2.0](https://norman.walsh.name/2008/02/20/xml20) or to [propose MicroXML](https://www.w3.org/community/microxml/wiki/Main_Page) which just has the document parts of XML and not the whole DTD part. (A major blocker to that is the use by HTML5 of a minimal DOCTYPE as a flag.)

Regardless of standardization efforts in that space, in my view SVG Native should

a) require only the DTD-less subset of XML be supported (so a parser that handles only the document subset is fully conforming)

b) make the use of DOCTYPE be non-conforming for SVG Native content

--
GitHub Notification of comment by svgeesus

Please view or discuss this issue at https://github.com/w3c/svgwg/issues/672#issuecomment-484197154 using your GitHub account
Received on Wednesday, 17 April 2019 17:57:53 UTC
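As an added illustration (not part of the original message or of any SVG Native implementation), this is one way a consumer could enforce proposal (b) with Python's expat binding: reject the document as soon as a DOCTYPE starts, so the internal subset and its entity declarations are never processed. The helper name `check_dtdless_svg` and both sample documents are constructed for this example.

```python
import xml.parsers.expat


class DoctypeNotAllowed(ValueError):
    """Raised when content carries a DOCTYPE declaration."""


def check_dtdless_svg(data: bytes):
    """Parse `data`, refusing any DOCTYPE; return (root element name, text).

    Hypothetical helper: aborting inside the DOCTYPE handler stops expat
    before any <!ENTITY ...> declaration in the internal subset is read.
    """
    root, text = [], []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeNotAllowed(f"DOCTYPE {name!r} is non-conforming here")

    def on_start(name, attrs):
        if not root:
            root.append(name)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = text.append  # may be called in several chunks
    parser.Parse(data, True)
    return root[0], "".join(text)


# Constructed sample: DTD-less content; the five predefined entities still work.
PLAIN = b'<svg xmlns="http://www.w3.org/2000/svg"><title>a &amp; b</title></svg>'

# Constructed sample: two small nested entities in the internal subset,
# using the "1234567890" value from the message above.
WITH_DTD = (
    b'<!DOCTYPE svg [<!ENTITY a "1234567890"><!ENTITY b "&a;&a;">]>'
    b'<svg xmlns="http://www.w3.org/2000/svg"><title>&b;</title></svg>'
)

if __name__ == "__main__":
    print(check_dtdless_svg(PLAIN))
    try:
        check_dtdless_svg(WITH_DTD)
    except DoctypeNotAllowed as exc:
        print("rejected:", exc)
```

With no DOCTYPE permitted, a reference to any entity other than the predefined ones is a well-formedness error, so the parser reports it instead of expanding it.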