One thing I noticed while hunting these bugs: Xalan is not particularly robust against a misbehaving SAX XMLReader (which is what I had). Little inconsistencies like calling startPrefixMapping() for the xml prefix or calling startPrefixMapping("", "") for a root element in no namespace cause Xalan to vomit up various runtime exceptions. I'm not sure what would happen with a filter that mismatched start and end-tags, or something equally evil. At some point, it might be worth somebody's time to figure out how to harden Xalan against these sorts of attacks, whether malicious or unintentional.
--
Elliotte Rusty Harold [EMAIL PROTECTED] Effective XML (Addison-Wesley, 2003) http://www.cafeconleche.org/books/effectivexml http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
