• To: Tim Bray <tbray@t...>
• Subject: Re: DTDs, W3C Schemas, RELAX NG, Schematron?
• From: Rich Salz <rsalz@d...>
• Date: Thu, 23 May 2002 12:32:16 -0400
• Cc: xml-dev@l...
• References: <200205231616.MAA11258@m...> <3CED16F6.8000504@t...>
• User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc2) Gecko/20020510

> Not that the problem is with DTDs.  After all these years, it seems that 
> the jury has come back in and the cost-benefit ratio for entities just 
> ain't good.  -Tim

Good.  A big problem with external entities are the security 
implications: if I send you some XML, you have to be careful to make 
sure I don't trick you into opening something you didn't intend.  E.g., 
a networked XSLT script that outputs your password (or other private 
info) file.
	/r$

• References:
  • Re: DTDs, W3C Schemas, RELAX NG, Schematron?
    • From: John Cowan <jcowan@r...>
  • Re: DTDs, W3C Schemas, RELAX NG, Schematron?
    • From: Tim Bray <tbray@t...>

• Prev by Date: RE: Painful USA Today article (was RE: ANN: RESTTutorial)
• Next by Date: RE: DTDs, W3C Schemas, RELAX NG, Schematron?
• Previous by thread: Re: DTDs, W3C Schemas, RELAX NG, Schematron?
• Next by thread: Re: DTDs, W3C Schemas, RELAX NG, Schematron?
• Index(es):
  • Date
  • Thread