Parsing everything (was Re: [standards-jig] JNG Ramblings.)
m at tthias.net
Fri Aug 16 08:46:35 UTC 2002
You may have noticed that I stopped writing comments to this thread ...
but this one I have to reply :)
Iain Shigeoka wrote:
>XML is still passed. But XML doesn't necessarily need to be parsed. For
>example, if you know it is a message, it has a TTL of X, and a destination
>of Y, you can deliver it without parsing the XML. In fact, you don't really
>care if it is XML which opens the possibility of pretty much sending
>anything in a message, (the <message> xml being the default... But binary or
>what have you is fair game).
I think the server should always parse the XML it routes. This makes it
harder for an attacker to send malicious data to a client.
Fon: +49-700 77007770 http://matthias-wimmer.de/
Fax: +49-89 312 88654 jabber://email@example.com
More information about the Standards