File tree Expand file tree Collapse file tree 1 file changed +16
-0
lines changed Expand file tree Collapse file tree 1 file changed +16
-0
lines changed Original file line number Diff line number Diff line change 99<!ENTITY RFC3986 SYSTEM " http://xml.resource.org/public/rfc/bibxml/reference.RFC.3986.xml"
1010<!ENTITY RFC3987 SYSTEM " http://xml.resource.org/public/rfc/bibxml/reference.RFC.3987.xml"
1111<!ENTITY RFC4291 SYSTEM " http://xml.resource.org/public/rfc/bibxml/reference.RFC.4291.xml"
12+ <!ENTITY RFC4329 SYSTEM " http://xml.resource.org/public/rfc/bibxml/reference.RFC.4329.xml"
1213<!ENTITY RFC5322 SYSTEM " http://xml.resource.org/public/rfc/bibxml/reference.RFC.5322.xml"
1314<!ENTITY RFC5890 SYSTEM " http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml"
1415<!ENTITY RFC5891 SYSTEM " http://xml.resource.org/public/rfc/bibxml/reference.RFC.5891.xml"
13511352 (with so-called "catastrophic backtracking"), resulting in a denial-of-service
13521353 attack.
13531354 </t >
1355+ <t >
1356+ Implementations that support validating or otherwise evaluating instance
1357+ string data based on "contentEncoding" and/or "contentMediaType" are at
1358+ risk of evaluating data in an unsafe way based on misleading information.
1359+ Applications can mitigate this risk by only performing such processing
1360+ when a relationship between the schema and instance is established
1361+ (e.g., they share the same authority).
1362+ </t >
1363+ <t >
1364+ Processing a media type or encoding is subject to the security considerations
1365+ of that media type or encoding. For example, the security considerations
1366+ of <xref target =" RFC4329" xref > apply when
1367+ processing JavaScript or ECMAScript encoded within a JSON string.
1368+ </t >
13541369 </section >
13551370
13561371 <!--
13851400 &RFC3986;
13861401 &RFC3987;
13871402 &RFC4291;
1403+ &RFC4329;
13881404 &RFC5890;
13891405 &RFC5891;
13901406 &RFC6570;
You can’t perform that action at this time.
0 commit comments