dxml 0.2.0 released
Patrick Schluter
Patrick.Schluter at bbox.fr
Wed Feb 14 10:03:45 UTC 2018
On Tuesday, 13 February 2018 at 22:00:59 UTC, Jonathan M Davis
wrote:
> On Tuesday, February 13, 2018 21:18:12 Patrick Schluter via
> Digitalmars-d- announce wrote:
>> [...]
>
> Well, if dxml just passes the entity references along unparsed
> beyond validating that the entity reference itself contains
> valid characters (e.g. it's not something like &.; or & by
> itself), then dxml would still not be replacing the entity
> references with anything. Any security or performance problems
> associated with entity references would be left up to whatever
> parser parsed the DTD section and then used dxml to parse the
> rest of the XML and replaced the entity references in dxml's
> parsing results with whatever they were.
>
> The big problem is how the entity references affect the
> parsing. If start tags can be dropped in and affect the parsing
> (and it's still not clear to me from the spec whether that's
> legal - there is a section talking about being nested properly
> which might indicate that that's not legal, but it's not very
> specific or clear), and if it's legal to do something like use
> an entity reference for a tag name - e.g. <&foo;>, then that's
> a serious problem. And problems like that are the main reason
> why I completely dropped any attempt to do anything with the
> DTD section.
>
Yikes! In any case, even if I had to implement a parser I would
tend to not implement this "feature" as it sounds quite
unreasonable. Only if a real need (i.e. one in the real world,
not one that could be contrived out of the specs) arises would I
then potentially implement the real deal.
More information about the Digitalmars-d-announce
mailing list