- From: Tim Bray <tbray@textuality.com>
- Date: Thu, 05 Dec 2002 15:39:39 -0800
- To: jeremy@dunck.us
- Cc: pgrosso@arbortext.com, www-tag@w3.org
Jeremy Dunck wrote:

> Lastly, am I correct in my understanding that the DoS through entity
> expansion is only possible when external subsets are used, and when that
> referenced subset is compromised? That is, how can the DoS happen if
> only trusted resources are used as external subsets?

You're not correct. The billion laughs works just fine with only an internal subset.

Your notion about retaining entities but controlling their recursive expansion is plausible and has come up a couple of times now. Hmm

-Tim
Received on Thursday, 5 December 2002 18:39:41 UTC
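
The idea raised in the message above, keeping entities while bounding their expansion, sketched as an added example that is not part of the original thread: a pre-parse check that computes each internal-subset entity's fully expanded length without ever building the expanded text. The function name, the default limit and the small sample document are assumptions constructed for illustration.

```python
import re

# Internal general entity declarations only: <!ENTITY name "value">.
# Parameter entities (%) and SYSTEM/PUBLIC declarations do not match.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([^\s%]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([^\s;&#]+);')  # skips character refs like &#38;


class EntityBudgetExceeded(Exception):
    """Raised when an entity is recursive or expands past the limit."""


def expanded_lengths(doc, limit=100_000):
    """Map each declared entity to its expanded length, or raise."""
    decls = {}
    for name, _quote, value in ENTITY_DECL.findall(doc):
        decls.setdefault(name, value)  # XML: the first declaration binds
    sizes = {}  # memo, so nested references are costed once each

    def size(name, stack):
        if name in sizes:
            return sizes[name]
        if name in stack:
            raise EntityBudgetExceeded(f"entity {name!r} refers to itself")
        if name not in decls:
            return 0  # predefined or undeclared: left to the real parser
        value = decls[name]
        total = len(ENTITY_REF.sub("", value))  # literal text
        total += sum(size(r, stack | {name}) for r in ENTITY_REF.findall(value))
        if total > limit:
            raise EntityBudgetExceeded(f"entity {name!r} expands past {limit}")
        sizes[name] = total
        return total

    for name in decls:
        size(name, frozenset())
    return sizes


# Constructed sample: three nesting levels, internal subset only.
SAMPLE = (
    '<?xml version="1.0"?>\n<!DOCTYPE doc [\n'
    '  <!ENTITY a "ha">\n'
    f'  <!ENTITY b "{"&a;" * 10}">\n'
    f'  <!ENTITY c "{"&b;" * 10}">\n'
    f'  <!ENTITY d "{"&c;" * 10}">\n'
    ']>\n<doc>&d;</doc>'
)
```

Because sizes are memoized, the check runs in time proportional to the declarations themselves, however large the expansion they describe.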