Parsing everything (was Re: [standards-jig] JNG Ramblings.)

Mike Lin mikelin at MIT.EDU
Fri Aug 16 10:19:49 UTC 2002


a server well-formedness check probably remains advisable for XML
payloads. however, given a separate envelope format, a well-formedness
check can be done at considerably less expense than loading into a DOM,
which is what has to be done now.

clients should nevertheless be prepared to recover from XML parse
errors. with a framing protocol and document-per-packet this is not so
hard.

-- mike --

On Fri, 2002-08-16 at 04:46, Matthias Wimmer wrote:
> Hi Iain!
> 
> You may have noticed that I stopped writing comments to this thread ... 
>  but this one I have to reply :)
> 
> Iain Shigeoka wrote:
> 
> >XML is still passed.  But XML doesn't necessarily need to be parsed.  For
> >example, if you know it is a message, it has a TTL of X, and a destination
> >of Y, you can deliver it without parsing the XML.  In fact, you don't really
> >care if it is XML which opens the possibility of pretty much sending
> >anything in a message, (the <message> xml being the default... But binary or
> >what have you is fair game).
> >  
> >
> I think the server should always parse the XML it routes. This makes it 
> harder for an attacker to send malicious data to a client.
> 
> Tot kijk
>     Matthias
> 
> -- 
> Fon: +49-700 77007770		http://matthias-wimmer.de/
> Fax: +49-89 312 88654		jabber://mawis@charente.de
> 
> 
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mailman.jabber.org/listinfo/standards-jig





More information about the Standards mailing list