[Standards-JIG] Pre-Proto XEP - Karma

Pedro Melo melo at co.sapo.pt
Fri Jan 5 22:48:05 UTC 2007


On Jan 5, 2007, at 7:48 PM, Justin Karneges wrote:

> On Friday 05 January 2007 5:59 am, Pedro Melo wrote:
>> On top of the other two I've already sent, there are also limits at
>> the XML parser that should be considered:
>>
>>   - max node name size: sending <screeeeeeeeeee(insert enormous
>> amounts of e's here)eeam> is probably going to kill your XML parser;
>>   - max number of node attributes;
>>   - max attribute name and attribute value sizes;
>>   - max size for char sequences between elements.
>>
>> these ones should make sure that you at least receive a SAX event
>> before exhausting your memory.
>>
>> FYI,  I don't know any XML parser that implements this.
>
> I'm not aware of any such parser either.  It is hard enough finding parsers
> that are tolerant to byte-by-byte input for network use. :)

for now I'm happy with libxml2...

> However, it should be relatively easy to get the effect you want without
> modifying the parser.  You probably already have code that reads from a
> network socket and passes this data to a SAX parser.  Simply count the bytes
> you read, and reset the counter whenever you receive a SAX event from your
> parser.  If the counter gets really large, you kill the connection.

hmmms... yes, I can see this working... Nice, never thought about it this
way.

> A very advanced parser might be able to start ignoring data in an attempt
> to "skip over" a stanza.  For example, if "screeeeeeeeeam" gets too long,
> then the parser goes into ignore-mode and only cares about finding the next
> whitespace character.  However, you'll have trouble reading the closing tag
> and matching it...

My "ideal" parser would kill that connection :) No need to match an
end tag.

Best regards,
--
HIId: Pedro Melo
SMTP: melo at co.sapo.pt
XMPP: pedro.melo at sapo.pt
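
The byte counter described in the quoted reply, sketched as an added example that is not part of the original thread or of any project's code. It assumes Python's standard expat binding as the SAX-style parser; the class and function names, the 256-byte limit and the sample streams are constructed for illustration.

```python
import xml.parsers.expat

class StreamLimitExceeded(Exception):
    """Too many bytes were read without the parser producing a SAX event."""

class GuardedParser:
    def __init__(self, max_bytes_without_event=4096):  # default limit is an assumption
        self.limit = max_bytes_without_event
        self.pending = 0    # bytes fed since the last SAX event
        self.events = []
        self.parser = xml.parsers.expat.ParserCreate()
        self.parser.StartElementHandler = lambda name, attrs: self._event("start", name)
        self.parser.EndElementHandler = lambda name: self._event("end", name)
        self.parser.CharacterDataHandler = lambda data: self._event("chars", data)

    def _event(self, kind, value):
        self.pending = 0    # any SAX event resets the counter
        self.events.append((kind, value))

    def feed(self, chunk):
        # Count first, then parse: handlers run inside Parse() and reset the
        # counter, so it only grows while the parser is buffering silently.
        # Bytes that follow an event inside the same chunk are not counted,
        # so the real bound is limit + one chunk.
        self.pending += len(chunk)
        self.parser.Parse(chunk, False)
        if self.pending > self.limit:
            raise StreamLimitExceeded(f"{self.pending} bytes without a SAX event")

def run(chunks, limit):
    """Feed chunks as a socket read loop would; return (killed, events)."""
    guard = GuardedParser(limit)
    try:
        for chunk in chunks:
            guard.feed(chunk)
    except StreamLimitExceeded:
        return True, guard.events   # a server would close the connection here
    return False, guard.events

# Constructed sample input: a normal stream, and one whose element name never ends.
NORMAL = (b"<stream><message to='a'><body>hi</body></message>"
          b"<message to='b'><body>yo</body></message>")
NORMAL_CHUNKS = [NORMAL[i:i + 8] for i in range(0, len(NORMAL), 8)]
SCREAM_CHUNKS = [b"<stream><scr"] + [b"e" * 64] * 100

if __name__ == "__main__":
    print(run(NORMAL_CHUNKS, 256)[0])   # normal traffic is not cut off
    print(run(SCREAM_CHUNKS, 256))      # killed after a few silent chunks
```

The same counter covers the other cases listed in the thread (attribute names, attribute values, character runs), since all of them show up as bytes read with no event delivered.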