
Re: XML-* [was: ... XML subsetting...]

From: Elliotte Rusty Harold <elharo@metalab.unc.edu>
Date: Fri, 6 Dec 2002 06:40:06 -0500
Message-Id: <p0433010aba163c6abf67@[]>
To: Tim Bray <tbray@textuality.com>
Cc: www-tag@w3.org

At 3:39 PM -0800 12/5/02, Tim Bray wrote:

>You're not correct.  The billion laughs works just fine with only an 
>internal subset.

I'm curious. Why is this called the "billion laughs" attack? The 
billion I get. I don't see the laughs though, but maybe I lack a 
sufficiently advanced sense of humor. :-)

>Your notion about retaining entities but controlling their recursive 
>expansion is plausible and has come up a couple of times now.

I can't say I like this. I don't approve of arbitrary limits to 
document size or depth of recursion. I can easily imagine some 
machine generated XML that needs to recurse deeply enough to enable 
the billion laughs attack without necessarily triggering it.

| Elliotte Rusty Harold | elharo@metalab.unc.edu | Writer/Programmer |
|          XML in a  Nutshell, 2nd Edition (O'Reilly, 2002)          |
|              http://www.cafeconleche.org/books/xian2/              |
|  http://www.amazon.com/exec/obidos/ISBN%3D0596002920/cafeaulaitA/  |
|  Read Cafe au Lait for Java News:  http://www.cafeaulait.org/      |
|  Read Cafe con Leche for XML News: http://www.cafeconleche.org/    |
Received on Friday, 6 December 2002 08:38:05 UTC
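
Added example, not part of the original message or of any parser discussed in the thread: a Python sketch that measures how large each internal-subset entity would become without expanding it, to show that nesting depth and expansion size are independent, which is the distinction the reply above turns on. The function names, the regex-based declaration parsing and both sample subsets are constructed for illustration.

```python
import re
from functools import lru_cache

# Internal general entities only: <!ENTITY name "value"> (no SYSTEM/PUBLIC, no %)
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # each expands to one character

def analyze(subset):
    """Map each entity to (expanded_length, nesting_depth) without expanding it."""
    decls = {}
    for m in ENTITY_DECL.finditer(subset):
        decls.setdefault(m.group(1), m.group(3))  # XML 1.0: first declaration binds
    in_progress = set()

    @lru_cache(maxsize=None)  # each entity is measured once, so cost stays linear
    def measure(name):
        if name not in decls:
            raise ValueError("undeclared entity: " + name)
        if name in in_progress:
            raise ValueError("recursive entity: " + name)
        in_progress.add(name)
        value = decls[name]
        length = len(ENTITY_REF.sub("", value))  # literal characters in the value
        depth = 0
        for ref in ENTITY_REF.findall(value):
            if ref in PREDEFINED:
                length += 1
                continue
            ref_len, ref_depth = measure(ref)
            length += ref_len
            depth = max(depth, ref_depth + 1)
        in_progress.discard(name)
        return length, depth

    return {name: measure(name) for name in decls}

def within_budget(subset, max_chars):
    """True if no single entity expands past max_chars."""
    return all(length <= max_chars for length, _ in analyze(subset).values())

# Constructed samples. DEEP nests 30 levels but each level adds one character.
DEEP = "".join('<!ENTITY d%d "x&d%d;">' % (i, i + 1) for i in range(30))
DEEP += '<!ENTITY d30 "x">'
# WIDE nests only 3 levels but multiplies by 10 at each one.
WIDE = '<!ENTITY w0 "ha">' + "".join(
    '<!ENTITY w%d "%s">' % (i, ("&w%d;" % (i - 1)) * 10) for i in (1, 2, 3))

if __name__ == "__main__":
    print(analyze(DEEP)["d0"], analyze(WIDE)["w3"])
```

A depth limit of, say, 10 would reject DEEP (31 characters) and accept WIDE (2000 characters), while a size budget does the reverse. The check covers entity declarations only; a parser applying it would also charge every reference in the document body against the same budget.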
