[Playlist] First XSPF-related security issue? -- was: Re: [oss-security] CVE id request: vlc
Lucas Gonze
lucas.gonze at gmail.com
Wed Oct 15 23:57:12 UTC 2008
>> <track>
>> <identifier>0</identifier>
>> ...
>> </track>
>> </trackList>
>> <extension application="http://www.videolan.org/vlc/playlist/0">
>> <item href="0" />
>> </extension>
Seems like their use of "identifier" is really to do what the xml:id
attribute does already, and not what an XSPF identifier does. So
here's what I'm wondering: given that xml:id is a freebie with XML and
doesn't need to be defined by XML-based data formats like XSPF, what
could VLC be using instead of their extension to refer to those IDs?
BTW, it is interesting to notice that their extension creates a format
with the same shape as iTunes library XML. Seems to be one of those
patterns that crops up in nature on its own.
More information about the Playlist
mailing list