[Standards-JIG] Pre-Proto XEP - Karma
Pedro Melo
melo at co.sapo.pt
Fri Jan 5 16:48:05 CST 2007
On Jan 5, 2007, at 7:48 PM, Justin Karneges wrote:
> On Friday 05 January 2007 5:59 am, Pedro Melo wrote:
>> On top of the other two I've already sent, there are also limits at
>> the XML parser that should be considered:
>>
>> - max node name size: sending <screeeeeeeeeee(insert enourmus
>> amounts of e's here)eeam> is probably going to kill you XML parser;
>> - max number of node attributes;
>> - max attribute name and attribute value sizes;
>> - max size for char sequences between elements.
>>
>> this ones should make sure that you at least receive a SAX event
>> before exausting your memory.
>>
>> FYI, I don't know any XML parser that implements this.
>
> I'm not aware of any such parser either. It is hard enough finding
> parsers
> that are tolerant to byte-by-byte input for network use. :)
for now I'm happy with libxml2...
> However, it should be relatively easy to get the effect you want
> without
> modifying the parser. You probably already have code that reads
> from a
> network socket and passes this data to a SAX parser. Simply count
> the bytes
> you read, and reset the counter whenever you receive a SAX event
> from your
> parser. If the counter gets really large, you kill the connection.
hmmms... yes, I can see this working... Nice, never though about this
way.
> A very advanced parser might be able to start ignoring data in an
> attempt
> to "skip over" a stanza. For example, if "screeeeeeeeeam" gets too
> long,
> then the parser goes into ignore-mode and only cares about finding
> the next
> whitespace character. However, you'll have trouble reading the
> closing tag
> and matching it...
My "ideal" parser would kill that connection :) No need to match a
end tag.
Best regards,
--
HIId: Pedro Melo
SMTP: melo at co.sapo.pt
XMPP: pedro.melo at sapo.pt
More information about the Standards
mailing list