Christian Heimes committed bdc9951

other things list is pessimistic

Files changed (1)

 ========================
 
 XML, XML parsers and processing libraries have more features and possible
-issue that can lead to DoS vulnerabilities or security exploits in
+issue that could lead to DoS vulnerabilities or security exploits in
 applications. I have compiled an incomplete list of possible issues that
-need further research and more attention.
+need further research and more attention. The list is deliberately pessimistic
+and a bit paranoid, too. It contains things that might go wrong under daffy
+circumstances.
 
 
-attribute blowup
-----------------
+attribute blowup / hash collision attack
+----------------------------------------
 
 XML parsers may use an algorithm with quadratic runtime O(n :sup:`2`) to
 handle attributes and namespaces. If it uses hash tables (dictionaries) to
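
Review bot: The changed line "+issue that could lead to DoS vulnerabilities" still leaves "possible issue" singular after "more features and"; it should read "issues that could lead to ...". The new title "attribute blowup / hash collision attack" joins two distinct problems, the quadratic O(n :sup:`2`) handling and the hash-table case the paragraph begins to describe, so the section should say how they relate. Renaming the title also changes the section's implicit reStructuredText target, so any existing reference to "attribute blowup" needs updating. "daffy circumstances" is informal for a security document; "unusual circumstances" would be clearer.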