- From: Daniel Veillard <daniel@veillard.com>
- Date: Sat, 9 Oct 2004 14:40:18 +0200
- To: "Henry S. Thompson" <ht@inf.ed.ac.uk>
- Cc: Jeff Rafter <lists@jeffrafter.com>, xmlschema-dev@w3.org, xml-dev@lists.xml.org
On Fri, Oct 08, 2004 at 05:30:50PM +0100, Henry S. Thompson wrote: > The really good news is that this approach doesn't require XSV to punt > in the face of large exponents, which it used to do (i.e. treated all > numbers > 100 in min/maxOccurs as if they _were_ 100). All other > existing processors do something similar (that is, punt above some > number), I believe. libxml2 regexps used counters since day 1 for min/maxoccurs implementation. The explosion didn't look a supportable alternative to me as it opens the door to trivial DoS attacks or forces to break the schemas validation which is also a big problem if you consider schemas as a contract between two communicating parties. Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ |
Received on Saturday, 9 October 2004 12:41:18 UTC