The best-known example is probably SOAP, which disallows processing instructions, document type declarations and any internal DTD subset.
最知名的例子可能是 SOAP。 它不允许处理指令、文档类型声明和任何内部 DTD 子集。
An attacker could also exponentially build up entity references purely in the internal DTD subset so that a small input document produces a large quantity of text.
攻击者也可以根据指数只在内部dtd子集中有规律地建立实体引用,这样,就会使小的输入文档制造出大量的文本。
Let us consider what is not represented within the DTD, and see that it really does pertain to a's internal data representation, not to the transmitted message.
让我们考虑一下在DTD中有什么东西没有表示,就会发现它实际上确实属于A的内部数据表示,而不属于发送的消息。
应用推荐