Re: XML-* [was: ... XML subsetting...] from Elliotte Rusty Harold on 2002-12-06 (www-tag@w3.org from December 2002)

From: Elliotte Rusty Harold <elharo@metalab.unc.edu>
Date: Fri, 6 Dec 2002 10:41:28 -0500
To: Tim Bray <tbray@textuality.com>
Cc: www-tag@w3.org
Message-Id: <p04330101ba167386b215@[192.168.254.4]>

At 7:04 AM -0800 12/6/02, Tim Bray wrote:

>>  I can't say I like this. I don't approve of arbitrary limits to 
>>document size or depth of recursion. I can easily imagine some 
>>machine generated XML that needs to recurse deeply enough to enable 
>>the billion laughs attack without necessarily triggering it.

Imagine an SVG based picture of the Mandelbrot set (or hell, it 
doesn't have to be fractal, any sufficiently deep algorithmically 
generated picture would do) in which different levels were connected 
by entity references.

Or imagine a system in which successive time increments were children 
of the previous instance rather than siblings.

Or imagine an XML-based object oriented language (there are several) 
which allowed nested classes or methods. A code generating tool might 
easily put far more classes inside each other, and far deeper than 
any human programmer would. (Auto-generated code from tools like YACC 
is notorious for exposing compiler bugs caused by arbitrary limits 
and assumptions about what code looks like). Again if each separate 
nested class is a separate file connected by an entity reference, 
there's a problem.

Think of things that are deep and recursive but don't explode 
exponentially. We don't want to forbid those.
-- 

+-----------------------+------------------------+-------------------+
| Elliotte Rusty Harold | elharo@metalab.unc.edu | Writer/Programmer |
+-----------------------+------------------------+-------------------+
|          XML in a  Nutshell, 2nd Edition (O'Reilly, 2002)          |
|              http://www.cafeconleche.org/books/xian2/              |
|  http://www.amazon.com/exec/obidos/ISBN%3D0596002920/cafeaulaitA/  |
+----------------------------------+---------------------------------+
|  Read Cafe au Lait for Java News:  http://www.cafeaulait.org/      |
|  Read Cafe con Leche for XML News: http://www.cafeconleche.org/    |
+----------------------------------+---------------------------------+

Received on Friday, 6 December 2002 10:44:42 UTC