| ▲ | crispyambulance 11 hours ago | |||||||||||||
XML was a good, well-intentioned idea. The problem, IMHO, was that rampant "xml-abuse" in the naughts. ws-* standards and over-engineered garbage like SOAP ("complex object access protocol") made people loathe XML. I did like JAXB in Java, XLST, schemas, XPATH. Never got into XSL, but it seemed like good thing too. It worked best when your tooling manipulated it for you or at least helped you in an intelligent way. Much of the hate for XML came from situations where you had to deal with someone's over-the-top-one-size-fits all schema without the benefit of tooling to at least hint you in the right direction. It still survives in WPF and c# *.proj files. If it were just me, I would still use it for object serialization. But json is king now even though it's inferior. | ||||||||||||||
| ▲ | dtech 11 hours ago | parent | next [-] | |||||||||||||
It's non-trivial to implement XML parser in a secure way, many stdlib ones are insecure by default. That should just not be a thing. XML has a bunch of vulnerabilities very specific to it, XXE is the most well known one, but you also have a bunch of DoSes due to expansions and XPath injection etc. An object serialization format should not have a bunch of footguns and vulnerability categories specific to it. | ||||||||||||||
| ||||||||||||||
| ▲ | frollogaston 2 hours ago | parent | prev [-] | |||||||||||||
SOAP seems totally in line with the XML philosophy. | ||||||||||||||