[Expat-discuss] A way to handle malicious XML with Expat / was Re: Handling malicious XML with Expat - what options do I have?
webmaster at hartwork.org
Sat Sep 13 05:08:23 CEST 2008
Talking to a friend of mine gave some new ideas.
Monitoring the final size of an entity alone is not
- The entity could evaluate to zero length
and still take "forever" to compute
(== billion laughs with "" instead of "ha")
- Part of the content multiplication could be moved
to the document's body and therefore be hidden
So I have added two more checks:
- A limit on the total lookups to form the value
of an entity
- A limit on the ratio between input and output
The three constants in the code to play with are
MAX_BYTES_PER_ENTITY_VALUE = 100000
MAX_LOOKUPS_PER_ENTITY_VALUE = 30
MAX_INPUT_FACTOR = 20
I'd be interested to know if these values still work
for people working with very large documents.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the Expat-discuss