Remix.run Logo
mplanchard a day ago

The article didn’t claim that “last wins” is in and of itself an issue, but that the differences between who wins between parsers across services/languages can cause issues. Their position was that everyone should standardize on “last wins,” since that is the most common.

securesaml a day ago | parent [-]

The correct conclusion is: https://news.ycombinator.com/item?id=44337330

The problem of trying to ensure that each parser behaves the same for all input is twofold: - JSON and XML specifications are complex, lots of quirks. So not feasible. - Does not solve the fundamental issue of the processing layer not using the same data that is verified in the verification layer.

Note: the processing layer parses the original input bytes, while the verification layer verifies a struct that is parsed using another parser.

Processed: Proc(input) Verified: VerifyingParser(input)