Difference between revisions of "Template:DoctypeDisallowed"
From Documentation
(Created page with "== DOCTYPE restriction == {{versionSince|10.0.0}} Starting from ZK 10, the xml parser used by ZK declares <code>disallow-doctype-decl</code> to true. This prevents the use of...") |
|||
Line 1: | Line 1: | ||
== DOCTYPE restriction == | == DOCTYPE restriction == | ||
+ | |||
{{versionSince|10.0.0}} | {{versionSince|10.0.0}} | ||
+ | |||
Starting from ZK 10, the xml parser used by ZK declares <code>disallow-doctype-decl</code> to true. | Starting from ZK 10, the xml parser used by ZK declares <code>disallow-doctype-decl</code> to true. | ||
This prevents the use of DOCTYPE declaration in xml files, such as zk.xml, lang-addon.xml, config. xml, etc. | This prevents the use of DOCTYPE declaration in xml files, such as zk.xml, lang-addon.xml, config. xml, etc. | ||
This is a security measure to prevent XXE attacks using <code><!DOCTYPE ...></code> as vector. | This is a security measure to prevent XXE attacks using <code><!DOCTYPE ...></code> as vector. |
Latest revision as of 04:01, 19 January 2024
DOCTYPE restriction
Since 10.0.0
Starting from ZK 10, the xml parser used by ZK declares disallow-doctype-decl
to true.
This prevents the use of DOCTYPE declaration in xml files, such as zk.xml, lang-addon.xml, config. xml, etc.
This is a security measure to prevent XXE attacks using <!DOCTYPE ...>
as vector.