Re: XML-* [was: ... XML subsetting...]

Jeremy Dunck wrote:

> Lastly, am I correct in my understanding that the DoS through entity 
> expansion is only possible when external subsets are used, and when that 
> referenced subset is compromised?  That is, how can the DoS happen if 
> only trusted resources are used as external subsets?

You're not correct.  The billion laughs works just fine with only an 
internal subset.

Your notion about retaining entities but controlling their recursive 
expansion is plausible and has come up a couple of times now.  Hmm -Tim

Received on Thursday, 5 December 2002 18:39:41 UTC