@kebesays @bascule @AlecMuffett Playing with JSON is begging yourself for DOS or security fail. Case in point: JOSE and the crazy schemas
@mik235 @sleevi_ @kebesays @AlecMuffett I'm sure Chrome and Firefox do a great job, but XML is everywhere and extremely dangerous
@mik235 @sleevi_ @kebesays @AlecMuffett two words: SAML XXE
@bascule @sleevi_ @kebesays @AlecMuffett XML is extremely dangerous. But libxml2 is the problem with RCE bugs, not XML :)
@bascule @sleevi_ @kebesays @AlecMuffett I thought that was covered by the "XML is awful, but" part =)
@bascule @sleevi_ @kebesays @AlecMuffett you could get code exec by using javascript eval() for json. Or unpickling a function object, ...
@mik235 inside the browser, as opposed to on a server? Unless you mean Node in which case lolololol Node