On Friday, 9 February 2018 at 21:15:33 UTC, Jonathan M Davis
wrote:
[...]
Of note, dxml does not support the DTD section beyond what is
required to parse past it
[...]
- Jonathan M Davis
Fun fact, since the most common security vulnerability associated
with XML (XEE [1]) is based on exploiting the fact that most
libraries parse in-line DTDs by default, this makes dxml immune
to such attacks. Given how often this vulnerability is found in
the wild it sounds like a very good thing to me :D
[1]:
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
