On Fri, Dec 20, 2013 at 8:16 PM, Florian Pflug <f...@phlo.org> wrote: > On Dec20, 2013, at 18:52 , Robert Haas <robertmh...@gmail.com> wrote: >> On Thu, Dec 19, 2013 at 6:40 PM, Florian Pflug <f...@phlo.org> wrote: >>> Solving this seems a bit messy, unfortunately. First, I think we need to >>> have some XMLOPTION value which is a superset of all the others - >>> otherwise, dump & restore won't work reliably. That means either allowing >>> DTDs if XMLOPTION is CONTENT, or inventing a third XMLOPTION, say ANY. >> >> Or we can just decide that it was a bug that this was ever allowed, >> and if you upgrade to $FIXEDVERSION you'll need to sanitize your data. >> This is roughly what we did with encoding checks. > > What exactly do you suggest we outlaw?
<!DOCTYPE> anywhere but at the beginning. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
