[XML-SIG] Using PyExpat.py
Uche Ogbuji
uche.ogbuji@fourthought.com
Mon, 19 Feb 2001 16:45:51 -0700
> Uche Ogbuji wrote:
> > Most XML processing specifications mandate that the URI of the XML entity that
> > contains an infoset node is used as the basis for further processing. To me,
> > this argues strongly for dropping local files rather than URIs if we must
> > choose. Some XML specs would be very difficult to implement properly if the
> > low-level tools became file-system-only readers.
>
> is the code Guido quoted taken from a utility function (e.g. a standard
> input handler), or is it part of the core library:
>
> if os.path.isfile(sysid):
> basehead = os.path.split(os.path.normpath(base))[0]
> source.setSystemId(os.path.join(basehead, sysid))
> f = open(sysid, "rb")
> else:
> source.setSystemId(urlparse.urljoin(base, sysid))
> f = urllib.urlopen(source.getSystemId())
>
> if the latter, I hope you realize that this can be abused in all sorts of
> interesting ways...
I forgot who it was on XML-DEV who said that XML is a dream for malicious
network abusers.
I'm not arguing whether or not it's a good thing that XML is so URI-happy.
I'm just stating the fact.
As for your precise question, Guido said it came from saxutils.py
--
Uche Ogbuji Principal Consultant
uche.ogbuji@fourthought.com +1 303 583 9900 x 101
Fourthought, Inc. http://Fourthought.com
4735 East Walnut St, Ste. C, Boulder, CO 80301-2537, USA
Software-engineering, knowledge-management, XML, CORBA, Linux, Python