[JDEV] XML Requirements for Parsing Jabber Messages

Charles Miller cmiller at pastiche.org
Sat Nov 2 23:18:52 CST 2002


Bernd Eckenfels propagated the following meme:
> On Sun, Nov 03, 2002 at 03:00:02PM +1100, Charles Miller wrote:
> > Thus if you're using an off-the-shelf XML parser, it's a good idea to 
> > filter out things you're not expecting (such as DTD declarations) before
> > they hit the parser.
> 
> Filter out before you parse XML? :)

Point taken. 

Sometimes you're so deep in hacking something that you don't realise the
solution that's working for you isn't necessarily applicable to the general
population. :)

On the other hand, never underestimate the value of a lightweight crap-
filter as a defense against malformed or malicious input.

Charles Miller

-- 
Contributing to the Heat Death of the Universe since 1975.
http://fishbowl.pastiche.org -- -- The Weblog



More information about the JDev mailing list