Message196296
Michele, could you elaborate how you would exploit this issue as a security risk?
I mean, I can easily create a (non-)XML-document with control characters manually, and the parser would reject it.
What part of the create-to-serialise process exactly is a problem here? |
|
Date |
User |
Action |
Args |
2013-08-27 14:26:31 | scoder | set | recipients:
+ scoder, r.david.murray, eli.bendersky, maker, serhiy.storchaka |
2013-08-27 14:26:31 | scoder | set | messageid: <1377613591.73.0.981493978188.issue18850@psf.upfronthosting.co.za> |
2013-08-27 14:26:31 | scoder | link | issue18850 messages |
2013-08-27 14:26:31 | scoder | create | |
|