[OSM-dev] Invalid XML?

Florian Lohoff flo at rfc822.org
Thu Sep 11 10:25:42 BST 2008


On Thu, Sep 11, 2008 at 08:54:15AM +0200, Frederik Ramm wrote:
> Subject: Re: [OSM-dev] Invalid XML?
> 
> Hi,
> 
> Florian Lohoff wrote:
> >Its not that the xml is broken afterwards but people could start putting
> >bad things into the database by closing a tag and reopening a new one.
> 
> Excuse me? How do you think that could happen?
> 
> The backslash has no special meaning in XML, it is just a character like 
> any other. It does not require escaping.

I stand corrected - you are right - at least the main api escapes ">< so
one can not inject tags into tag names or values.

I need to think about other ways *evil grin*

Flo
-- 
Florian Lohoff                  flo at rfc822.org             +49-171-2280134
	Those who would give up a little freedom to get a little 
          security shall soon have neither - Benjamin Franklin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.openstreetmap.org/pipermail/dev/attachments/20080911/d6676592/attachment.pgp>


More information about the dev mailing list