Re: Robust XML validation

[Timo Warns <warns () pre-sense de>]

Am 13.12.2012 17:19, schrieb Tim:
> > Validating against trusted schemas/DTDs would not be sufficient in my
> > opinion. For example, such validations are not effective against the
> > billion laughs attack (http://en.wikipedia.org/wiki/Billion_laughs).
>
> But... isn't the point that you'd never accept a DTD or schema from an
> untrusted source?  That is, never even bother to parse it and
> arguably, reject documents from users that contain them.

What I wanted to say is that validating an XML document against a
trusted schema/DTD may already exhaust resources (e.g,. due to
expansions necessary for a validation).

Regards, Timo