<br><br><div><span class="gmail_quote">On 8/9/06, <b class="gmail_sendername">Michal vorner Vaner</b> <<a href="mailto:michal.vaner@kdemail.net">michal.vaner@kdemail.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Wed, Aug 09, 2006 at 08:34:28PM +0200, Scott Cotton wrote:<br>> Hi all,<br>><br>> I've come across something which seems like a possible issue w.r.t. xml<br>> processing<br>> for xmpp implementations.
<br>><br>> The first is that rfc1390, sec 11.1 (restrictions on xml) states that<br>><br>> 1) With regard to XML generation, an XMPP implementation MUST NOT inject<br>> into an XML stream any of the following
<br>> [ dtds and stuff]<br>><br>> 2) With regard to XML processing, if an XMPP implementation receives such<br>> restricted XML data, it MUST ignore the data<br>><br>> My question is what happens when a server receives xml with craziness like
<br>> embedded dtds but, having<br>> ignored such restricted data, it decides it must pass the message on to<br>> another server. How can a server fulfill both<br>> 1 and 2 above? What is generally done in these cases?
<br>><br>I understand it this way:<br>the resending of message consists of reading it and then sending it.<br>While reading it, I meet the dtd, but I ignore it, like it was not<br>there. I do not even read it. Therefore, as I ignored it, I will not
<br>send it, as it was not there.</blockquote><div><br><br>I wouldn't equate removing text with ignoring it, but this is certainly sensible for embedded <br>dtds.
Removing all such restricted content might lead to confusion, if say a
message contains non-default entity references which are standard in
some common format like xhtml. These may even be crucial to the
communication (like dollar sign vs. euro). Should those be silently
removed too? If it were up to me, I'd either pass it all through,
reject <br>it all, or return a warning to the initiator to all restricted content. <br><br>Best,<br> </div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><br></blockquote></div><br><br clear="all"><br>-- <br>scott
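
A Python check for the "reject it all" option discussed above, added here as an example and not part of the original messages. It assumes the restricted XML consists of DTD subsets, comments, processing instructions and entity references other than the five predefined ones, and that each stanza can be parsed on its own; `find_restricted` and `relay_decision` are hypothetical names, and the stanzas in the test are constructed.

```python
from xml.parsers import expat

# Numeric expat error code raised for a reference such as &euro; with no declaration.
UNDEFINED_ENTITY = expat.errors.codes[expat.errors.XML_ERROR_UNDEFINED_ENTITY]


def find_restricted(stanza: bytes) -> list[str]:
    """Return the kinds of restricted XML seen in one stanza (empty list = clean).

    Assumption: the stanza is a self-contained XML fragment, so it can be
    parsed outside the enclosing stream.
    """
    found = []
    parser = expat.ParserCreate()
    # Each handler only records that the construct occurred; nothing is stripped.
    parser.StartDoctypeDeclHandler = lambda *args: found.append("dtd")
    parser.EntityDeclHandler = lambda *args: found.append("entity-declaration")
    parser.CommentHandler = lambda data: found.append("comment")
    parser.ProcessingInstructionHandler = (
        lambda target, data: found.append("processing-instruction"))
    try:
        parser.Parse(stanza, True)
    except expat.ExpatError as err:
        if err.code != UNDEFINED_ENTITY:
            raise  # malformed XML is a different problem; let the caller handle it
        # Parsing stops here, so constructs after this point are not reported.
        found.append("entity-reference")
    return sorted(set(found))


def relay_decision(stanza: bytes) -> tuple[str, list[str]]:
    """Reject-all policy: forward only clean stanzas, otherwise report what was found.

    The second element is what a server could return to the sender instead of
    silently dropping content (for example the euro sign in &euro;).
    """
    found = find_restricted(stanza)
    return ("reject", found) if found else ("forward", found)
```

The predefined entities (`&amp;`, `&lt;`, `&gt;`, `&apos;`, `&quot;`) pass, while an undeclared `&euro;` causes a rejection that names the reason rather than a silent removal.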