Parsing everything (was Re: [standards-jig] JNG Ramblings.)
mikelin at MIT.EDU
Fri Aug 16 10:19:49 UTC 2002
a server well-formedness check probably remains advisable for XML
payloads. however, given a separate envelope format, a well-formedness
check can be done at considerably less expense than loading into a DOM,
which is what has to be done now.
clients should nevertheless be prepared to recover from XML parse
errors. with a framing protocol and document-per-packet this is not so
-- mike --
On Fri, 2002-08-16 at 04:46, Matthias Wimmer wrote:
> Hi Iain!
> You may have noticed that I stopped writing comments to this thread ...
> but this one I have to reply :)
> Iain Shigeoka wrote:
> >XML is still passed. But XML doesn't necessarily need to be parsed. For
> >example, if you know it is a message, it has a TTL of X, and a destination
> >of Y, you can deliver it without parsing the XML. In fact, you don't really
> >care if it is XML which opens the possibility of pretty much sending
> >anything in a message, (the <message> xml being the default... But binary or
> >what have you is fair game).
> I think the server should always parse the XML it routes. This makes it
> harder for an attacker to send malicious data to a client.
> Tot kijk
> Fon: +49-700 77007770 http://matthias-wimmer.de/
> Fax: +49-89 312 88654 jabber://email@example.com
> Standards-JIG mailing list
> Standards-JIG at jabber.org
More information about the Standards