| ▲ | dtech 11 hours ago | |
It's non-trivial to implement XML parser in a secure way, many stdlib ones are insecure by default. That should just not be a thing. XML has a bunch of vulnerabilities very specific to it, XXE is the most well known one, but you also have a bunch of DoSes due to expansions and XPath injection etc. An object serialization format should not have a bunch of footguns and vulnerability categories specific to it. | ||
| ▲ | ElectricalUnion 9 hours ago | parent | next [-] | |
The funny thing is that JSON parsing is usually kinda unsafe in it's main target language JavaScript, and usually safe in other languages, because of the `__proto__` prototype pollution. | ||
| ▲ | 10 hours ago | parent | prev [-] | |
| [deleted] | ||