[OSM-dev] Invalid XML?
flo at rfc822.org
Thu Sep 11 10:25:42 BST 2008
On Thu, Sep 11, 2008 at 08:54:15AM +0200, Frederik Ramm wrote:
> Subject: Re: [OSM-dev] Invalid XML?
> Florian Lohoff wrote:
> >Its not that the xml is broken afterwards but people could start putting
> >bad things into the database by closing a tag and reopening a new one.
> Excuse me? How do you think that could happen?
> The backslash has no special meaning in XML, it is just a character like
> any other. It does not require escaping.
I stand corrected - you are right - at least the main api escapes ">< so
one can not inject tags into tag names or values.
I need to think about other ways *evil grin*
Florian Lohoff flo at rfc822.org +49-171-2280134
Those who would give up a little freedom to get a little
security shall soon have neither - Benjamin Franklin
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: Digital signature
More information about the dev