[Playlist] First XSPF-related security issue? -- was: Re: [oss-security] CVE id request: vlc
lucas.gonze at gmail.com
Wed Oct 15 23:57:12 UTC 2008
>> <extension application="http://www.videolan.org/vlc/playlist/0">
>> <item href="0" />
Seems like their use of "identifier" is really to do what the xml:id
attribute does already, and not what an XSPF identifier does. So
here's what I'm wondering: given that xml:id is a freebie with XML and
doesn't need to be defined by XML-based data formats like XSPF, what
could VLC be using instead of their extension to refer to those IDs?
BTW, it is interesting to notice that their extension creates a format
with the same shape as iTunes library XML. Seems to be one of those
patterns that crops up in nature on its own.
More information about the Playlist