Remix.run Logo
dtech 11 hours ago

It's non-trivial to implement XML parser in a secure way, many stdlib ones are insecure by default. That should just not be a thing. XML has a bunch of vulnerabilities very specific to it, XXE is the most well known one, but you also have a bunch of DoSes due to expansions and XPath injection etc.

An object serialization format should not have a bunch of footguns and vulnerability categories specific to it.

ElectricalUnion 9 hours ago | parent | next [-]

The funny thing is that JSON parsing is usually kinda unsafe in it's main target language JavaScript, and usually safe in other languages, because of the `__proto__` prototype pollution.

10 hours ago | parent | prev [-]
[deleted]