[jdom-interest] Failing early on maxLength violations
Tatu Saloranta
cowtowncoder at yahoo.com
Tue Dec 13 23:52:09 PST 2005
--- "J. McConnell" <jdotmc at gmail.com> wrote:
> I am currently developing a web service that accepts
> images, among
> other things. I am debating having the images
> submitted in the XML
> using base64Binary typed elements. Using a
> maxLength restriction on
> these elements, I plan on limiting images to around
> 512 KB, mainly
> because I am concerned about both bandwidth and
> memory (parsing and
> decoding) issues.
>
> One question I still have is, what happens if a user
> uploads a 5 MB
> photo? I would love for the 512 KB maxLength to
> protect me from this,
> but some initial tests indicate that the SAXBuilder
> won't throw an
> exception until the end tag for the element it's
> parsing is reached.
> At that point, I've already sucked the entire 5 MB
> worth of data into
> memory, though I am saved the decoding costs.
>
> Is there any way to have the SAXBuilder throw the
> exception as soon as
> the maxLength is exceeded?
It may be that even before the SAXBuilder gets access
to data, servlet (or whatever is used on server side)
may have already buffered it in memory, so you may
want to verify that aspect of upload (assuming you use
upload form element).
On the other hand, most SAX parsers do send text
content in chunks, so you could override
SAXHandler#characters() method, and do checks when it
tries to append characters in the StringBuffer()
object. And I guess adding support for such limits
would be fairly easy to do as a general feature (just
need to either override createContentHandler() in
SAXBuilder, or make
it configure handler instance with max length
indicator).
So I think it should be doable,
-+ Tatu +-
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the jdom-interest
mailing list