- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 19 Jun 2002 09:31:24 +0200
- To: <w3c-dist-auth@w3c.org>
Hi, there was recently an xml-dev thread about security problems allowing arbitrary XML in protocols (see for instance [1]). As WebDAV doesn't need resolution of external entities / DTD validation, I'd suggest to specfiy that servers and clients MUST NOT resolve external entities, that is, MUST reject any WebDAV protocol message that contains external entities. Feedback appreciated. [1] <http://lists.xml.org/archives/xml-dev/200206/msg00247.html>
Received on Wednesday, 19 June 2002 03:31:55 UTC