Right. But "correct on inputs you care about, safe on others" beats "'correct' on all inputs but with DoS and SSRF all over".
Given the badness of standard XML parsers, hard to say which is worse. This is likely more secure (no external ents, bombs, etc.).