摘要
基于DOM模型的解析是多数XML文档处理系统所采用的技术,文档解析中在对DTD、XML注释以及XML结点的处理存在着一些漏洞,导致系统在解析那些利用了这些漏洞的恶意XML文档过程中易遭到攻击,分析了漏洞产生的原因,并提出相应的防御方法。
Most XML document processing systems adopt W3C DOM to parse XML documents. There are some bugs when XML document parse system based on DOM deals with DTD, XML comments and XML nodes. Once the bugs are used by malicious XML documents, system will be attacked when it parses them. The paper points out three problems exist in XML parse based on DOM, analyzes why the system is attacked and offers methods of defending it.
出处
《计算机安全》
2009年第11期50-52,共3页
Network & Computer Security
关键词
DOM
XML解析
安全
Domain Object Models
XML Parsing
Security
