[sc34wg3] <mergeMap/> and security
Lars Marius Garshol
larsga at ontopia.net
Fri Mar 31 08:46:06 EST 2006
* Lars Heuer
>
> The difference: XInclude and external entities are not part of the XTM
> standard. How they are interpreted are beyond of the XTM standard.
For XInclude this is true. If you use XInclude with XTM you have to
resolve the includes before the XTM processor sees them.
For external entities it is true only in the very narrow sense that
XTM does not define any special behaviour for these. However, we do
refer to XML, which does provide entities, so you can definitely use
entities with XTM. It's true, though, that XTM can't do anything
about any security issues there might be with entities.
--
Lars Marius Garshol, Ontopian http://www.ontopia.net
+47 98 21 55 50 http://www.garshol.priv.no
More information about the sc34wg3
mailing list