Re: I-D ACTION:draft-ietf-webdav-rfc2518bis-03.txt

> 6) Section 8.1.1 (use of XML)
>
> Replace
>
> "Some of the following new HTTP methods use XML as a request and response
> format.  All DAV compliant clients and resources MUST use XML parsers that
> are compliant with [REC-XML].  All XML used in either requests or responses
> MUST be, at minimum, well formed.  If a server receives ill-formed XML in a
> request it MUST reject the entire request with a 400 (Bad Request)."
>
> by
>
> "Some of the following new HTTP methods use XML as a request and response
> format.  All DAV compliant clients and resources MUST use XML parsers that
> are compliant with [REC-XML] and [REC-XML-NAMES].  All XML used in either
> requests or responses MUST be, at minimum, well formed and
> namespace-well-formed.  If a server receives ill-formed XML in a request it
> MUST reject the entire request with a 400 (Bad Request)."

Please note that use of an XML-compliant parser for an Internet protocol
will introduce a simple and well-known denial-of-service problem involving
recursive entity declarations.

....Roy

Received on Thursday, 13 March 2003 13:50:19 UTC
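
A server-side body check for the situation discussed in this message, as an added example that is not part of the original e-mail or the draft. It assumes Python's expat binding, and it assumes a policy of refusing any body that declares an entity (a mitigation choice the message and the draft do not state); the function name and the sample bodies are constructed for illustration.

```python
from xml.parsers import expat


class EntityDeclRefused(Exception):
    """Raised from the expat callback to abort parsing."""


def _refuse_entity(name, is_param, value, base, system_id, public_id, notation):
    # expat calls this for every <!ENTITY ...> declaration in the DTD.
    # Aborting here means no entity reference is ever expanded.
    raise EntityDeclRefused(name)


def check_request_body(body: bytes):
    """Return (ok, reason); a caller answers 400 (Bad Request) when ok is False."""
    # namespace_separator switches on expat's namespace processing,
    # so an unbound prefix is reported as a parse error.
    parser = expat.ParserCreate(namespace_separator=" ")
    parser.EntityDeclHandler = _refuse_entity
    try:
        parser.Parse(body, True)
    except EntityDeclRefused as exc:
        return False, f"entity declaration refused: {exc}"
    except expat.ExpatError as exc:
        return False, f"not well-formed: {expat.ErrorString(exc.code)}"
    return True, "ok"


# Constructed sample bodies (not taken from the draft or the message).
GOOD = b'<?xml version="1.0"?><D:propfind xmlns:D="DAV:"><D:allprop/></D:propfind>'
ILL_FORMED = b'<D:propfind xmlns:D="DAV:"><D:allprop></D:propfind>'
UNBOUND_PREFIX = b'<?xml version="1.0"?><D:propfind><D:allprop/></D:propfind>'
WITH_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE propfind [<!ENTITY a "x">]>'
    b'<D:propfind xmlns:D="DAV:"><D:allprop/></D:propfind>'
)

if __name__ == "__main__":
    for label, body in [("good", GOOD), ("ill-formed", ILL_FORMED),
                        ("unbound prefix", UNBOUND_PREFIX),
                        ("entity declaration", WITH_ENTITY)]:
        print(label, check_request_body(body))
```

The entity check fires on a single harmless declaration, so the decision does not depend on how deeply declarations reference each other.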