Parsing everything (was Re: [standards-jig] JNG Ramblings.)

Matthias Wimmer m at tthias.net
Fri Aug 16 08:46:35 UTC 2002


Hi Iain!

You may have noticed that I stopped writing comments to this thread ... 
 but this one I have to reply :)

Iain Shigeoka wrote:

>XML is still passed.  But XML doesn't necessarily need to be parsed.  For
>example, if you know it is a message, it has a TTL of X, and a destination
>of Y, you can deliver it without parsing the XML.  In fact, you don't really
>care if it is XML which opens the possibility of pretty much sending
>anything in a message, (the <message> xml being the default... But binary or
>what have you is fair game).
>  
>
I think the server should always parse the XML it routes. This makes it 
harder for an attacker to send malicious data to a client.

Tot kijk
    Matthias

-- 
Fon: +49-700 77007770		http://matthias-wimmer.de/
Fax: +49-89 312 88654		jabber://mawis@charente.de





More information about the Standards mailing list