I am looking at the ImageMagick source code and for some reason there's a form feed character at the end of each function body. What
@sghctoma @lstoll @charliesome No, external entities are a bug. Any xml impl that supports them is nothing but a toy. Not deployable.
-
-
@RichFelker@lstoll@charliesome Ext. entities are part of the XML spec. Arguably a bad design decision, so yeah, it could be called a bug.. -
@RichFelker@lstoll@charliesome +AFAIK ever major XML lib supports them. a few were opt-in, the majority opt-out 2 years ago, IDK about now -
@sghctoma@lstoll@charliesome Support should be completely removed, not just opt-in. The "feature" (external entities) is broken by design. -
@RichFelker@sghctoma@charliesome because everyone sure loves it when software authors ignore standards and do what they want. -
@lstoll@sghctoma@charliesome In principle you're right, but if you follow that principle here, xml is a useless std. Nowhere safe to use. -
@lstoll@sghctoma@charliesome Same is true of some legacy RFCs like SMTP. They specify behaviors that are inherently insecure. Must ignore.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.