- From: Roy T. Fielding <fielding@apache.org>
- Date: Thu, 13 Mar 2003 10:30:25 -0800
- To: "Julian Reschke" <julian.reschke@gmx.de>
- Cc: <w3c-dist-auth@w3.org>
> 6) Section 8.1.1 (use of XML) > > Replace > > "Some of the following new HTTP methods use XML as a request and > response > format. All DAV compliant clients and resources MUST use XML > parsers that > are compliant with [REC-XML]. All XML used in either requests or > responses > MUST be, at minimum, well formed. If a server receives ill-formed XML > in a > request it MUST reject the entire request with a 400 (Bad Request)." > > by > > "Some of the following new HTTP methods use XML as a request and > response > format. All DAV compliant clients and resources MUST use XML > parsers that > are compliant with [REC-XML] and [REC-XML-NAMES]. All XML used in > either > requests or responses MUST be, at minimum, well formed and > namespace-well-formed. If a server receives ill-formed XML in a > request it > MUST reject the entire request with a 400 (Bad Request)." Please note that use of an XML-compliant parser for an Internet protocol will introduce a simple and well-known denial-of-service problem involving recursive entity declarations. ....Roy
Received on Thursday, 13 March 2003 13:50:19 UTC