- From: Elliotte Rusty Harold <elharo@metalab.unc.edu>
- Date: Fri, 6 Dec 2002 06:40:06 -0500
- To: Tim Bray <tbray@textuality.com>
- Cc: www-tag@w3.org
At 3:39 PM -0800 12/5/02, Tim Bray wrote:

>You're not correct. The billion laughs works just fine with only an
>internal subset.

I'm curious. Why is this called the "billion laughs" attack? The billion I get. I don't see the laughs though, but maybe I lack a sufficiently advanced sense of humor. :-)

>Your notion about retaining entities but controlling their recursive
>expansion is plausible and has come up a couple of times now.

I can't say I like this. I don't approve of arbitrary limits to document size or depth of recursion. I can easily imagine some machine generated XML that needs to recurse deeply enough to enable the billion laughs attack without necessarily triggering it.

--
+-----------------------+------------------------+-------------------+
| Elliotte Rusty Harold | elharo@metalab.unc.edu | Writer/Programmer |
+-----------------------+------------------------+-------------------+
|          XML in a Nutshell, 2nd Edition (O'Reilly, 2002)           |
|              http://www.cafeconleche.org/books/xian2/              |
|  http://www.amazon.com/exec/obidos/ISBN%3D0596002920/cafeaulaitA/  |
+----------------------------------+---------------------------------+
|  Read Cafe au Lait for Java News:  http://www.cafeaulait.org/      |
|  Read Cafe con Leche for XML News: http://www.cafeconleche.org/    |
+----------------------------------+---------------------------------+
Received on Friday, 6 December 2002 08:38:05 UTC
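
An added example, not part of the original message or of any parser discussed in the thread: it measures the nesting depth and the fully expanded length of internal general entities from their declarations alone, without performing the expansion, to show that depth and expanded size are independent quantities. The function name, the regular expressions and both sample inputs are constructed for this illustration.

```python
import re

# Internal general entity declarations only; parameter entities
# (<!ENTITY % ...>) and external (SYSTEM/PUBLIC) entities are not matched.
# Character references such as &#60; are counted as literal text.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([\w.:-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # each expands to 1 char

def measure_entities(internal_subset):
    """Return {name: (nesting_depth, expanded_length)} from declarations alone."""
    decls = {}
    for m in ENTITY_DECL.finditer(internal_subset):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        decls.setdefault(m.group(1), value)  # first declaration is binding in XML
    results, in_progress = {}, set()

    def visit(name):
        if name in results:
            return results[name]  # memoised: each entity is measured once
        if name in in_progress:
            raise ValueError("recursive entity reference: " + name)
        if name not in decls:
            raise ValueError("undeclared entity: " + name)
        in_progress.add(name)
        value = decls[name]
        depth, length = 0, len(ENTITY_REF.sub("", value))  # literal text only
        for ref in ENTITY_REF.findall(value):
            if ref in PREDEFINED:
                length += 1
                continue
            ref_depth, ref_length = visit(ref)
            depth = max(depth, ref_depth + 1)
            length += ref_length  # sizes are summed; nothing is expanded
        in_progress.discard(name)
        results[name] = (depth, length)
        return results[name]

    for name in decls:
        visit(name)
    return results

# Constructed sample 1: 30 levels of nesting, one reference per level.
DEEP = '<!ENTITY e0 "data">' + "".join(
    '<!ENTITY e%d "&e%d;">' % (i, i - 1) for i in range(1, 31))
# Constructed sample 2: 3 levels of nesting, four references per level.
WIDE = ('<!ENTITY w0 "data">' '<!ENTITY w1 "&w0;&w0;&w0;&w0;">'
        '<!ENTITY w2 "&w1;&w1;&w1;&w1;">' '<!ENTITY w3 "&w2;&w2;&w2;&w2;">')

if __name__ == "__main__":
    print(measure_entities(DEEP)["e30"], measure_entities(WIDE)["w3"])
```

The 30-level chain expands to 4 characters while the 3-level one expands to 256, so a cap on nesting depth and a cap on expanded size reject different documents.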