[xsd-users] XercesC security problems

Vladimir Zykov vladimir.zykov at ncloudtech.ru
Fri Sep 18 12:00:22 EDT 2015


Hi Boris,

Thanks a lot for your hint. It really saved us a lot of trouble. I had completely
forgotten that the generated XSD parsing functions accept a Xerces-C++ XML DOM
and that we can separate XML parsing from creation of the domain model.

On Sep 10, 2015, at 13:27, Boris Kolpackov <boris at codesynthesis.com> wrote:

In any case, I've decided to create an example that demonstrates
how this can be done. In a nutshell, we have to provide a customized
DOM parser that intercepts attempts to parse DOCTYPEs that contain
either internal or external DTD subset. It still accepts simple
DOCTYPE declarations, though. It is not exactly what you asked for
(i.e., ignoring external entity expansions), but I think this is
the best we can do in Xerces-C++. I think we might be able to
ignore the external subset via the EntityResolver.


Vladimir Zykov
Software Engineer
New Cloud Technologies, Ltd
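
Added example, not part of the original thread and not the Xerces-C++ example mentioned in it: the DOCTYPE policy described in the quoted reply (accept a bare DOCTYPE, reject one that carries an internal or external DTD subset), shown with Python's standard expat bindings instead of a customized Xerces-C++ DOM parser. The names `DoctypeRejected`, `parse_rejecting_dtd` and `classify` and the sample documents are constructed for illustration.

```python
import xml.parsers.expat


class DoctypeRejected(ValueError):
    """Raised when a document carries an internal or external DTD subset."""


def parse_rejecting_dtd(data: bytes) -> list:
    """Parse data and return the element names seen, or raise DoctypeRejected."""
    parser = xml.parsers.expat.ParserCreate()
    elements = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # An exception raised in a handler propagates out of Parse(), so the
        # caller never receives a result built from a rejected document.
        if has_internal_subset:
            raise DoctypeRejected(f"internal DTD subset in DOCTYPE {name!r}")
        if system_id is not None or public_id is not None:
            raise DoctypeRejected(f"external DTD subset in DOCTYPE {name!r}")
        # A bare <!DOCTYPE name> falls through and is accepted.

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.Parse(data, True)
    return elements


def classify(data: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for one document."""
    try:
        parse_rejecting_dtd(data)
        return "accepted"
    except DoctypeRejected as exc:
        return f"rejected: {exc}"


# Constructed sample documents, one per DOCTYPE form.
SAMPLES = {
    "none": b"<root><a/></root>",
    "simple": b"<!DOCTYPE root><root><a/></root>",
    "internal": b'<!DOCTYPE root [<!ENTITY e "x">]><root>&e;</root>',
    "external": b'<!DOCTYPE root SYSTEM "root.dtd"><root/>',
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(f"{label:9s} {classify(doc)}")
```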



