[OSM-dev] Invalid XML?
Florian Lohoff
flo at rfc822.org
Thu Sep 11 10:25:42 BST 2008
On Thu, Sep 11, 2008 at 08:54:15AM +0200, Frederik Ramm wrote:
> Subject: Re: [OSM-dev] Invalid XML?
>
> Hi,
>
> Florian Lohoff wrote:
> >Its not that the xml is broken afterwards but people could start putting
> >bad things into the database by closing a tag and reopening a new one.
>
> Excuse me? How do you think that could happen?
>
> The backslash has no special meaning in XML, it is just a character like
> any other. It does not require escaping.
I stand corrected - you are right - at least the main api escapes ">< so
one can not inject tags into tag names or values.
I need to think about other ways *evil grin*
Flo
--
Florian Lohoff flo at rfc822.org +49-171-2280134
Those who would give up a little freedom to get a little
security shall soon have neither - Benjamin Franklin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.openstreetmap.org/pipermail/dev/attachments/20080911/d6676592/attachment.pgp>
More information about the dev
mailing list