External entities in XML[1] were a similar issue back when everyone was using XML for everything, and parsers processed external-entities by default.

1: https://owasp.org/www-community/vulnerabilities/XML_External...

▲

Sohcahtoa82 18 hours ago | parent | next [-]

XXE should have never existed.

Whoever decided it should be enabled by default should be put into some sort of cybersecurity jail.

▲

hinkley 19 hours ago | parent | prev [-]

At least with external entities you could deny the parser an internet connection and force it to only load external documents from a cache you prepopulated and vetted. Turing completeness is a bullshit idea in document formats.

▲

actionfromafar 18 hours ago | parent | next [-]

Postscript is pretty neat IMHO and it’s Turing complete. I really appreciated my raytraced page finally coming out of that poor HP laser after an hour or so.

	▲	aidenn0 18 hours ago \| parent \| next [-]
		I once sent a Sierpinski's Triangle postscript program to a shared printer. It took 90 minutes, and pissed off everybody else trying to print.
	▲	hinkley 18 hours ago \| parent \| prev \| next [-]
		One of the very first SVG documents I encountered was a port of the PS Tiger to SVG. It loaded a lot faster than the PostScript Tiger.
	▲	anthk 17 hours ago \| parent \| prev \| next [-]
		PostScript can emulate the ZMachine (Zork text adventures and all of infocom) with "zmachine.ps". Look it up at DDG/GG.
	▲	bigfatkitten 18 hours ago \| parent \| prev [-]
		Sounds almost like a fun crypto mining opportunity.

▲

aidenn0 18 hours ago | parent | prev | next [-]

With SVGs you can serve them from a different domain. IIUC the issue from TFA was that the SVGs were served from the primary domain; had they been on a different domain, they would have not been allowed to do as much.

▲

gnerd00 18 hours ago | parent | prev [-]

calling Leonard Rosenthol ...