Re: Robust XML validation

[Tim <tim-security () sentinelchicken org>]

> Validating against trusted schemas/DTDs would not be sufficient in my
> opinion. For example, such validations are not effective against the
> billion laughs attack (http://en.wikipedia.org/wiki/Billion_laughs).

But... isn't the point that you'd never accept a DTD or schema from an
untrusted source?  That is, never even bother to parse it and
arguably, reject documents from users that contain them.

tim