@bascule @kebesays @AlecMuffett With DER parsing, a little fuzzing and ASAN goes a long way. With JSON, it's logic bugs all the way down.
@bascule @sleevi_ @kebesays @AlecMuffett I thought that was covered by the "XML is awful, but" part =)
@bascule @sleevi_ @kebesays @AlecMuffett you could get code exec by using JavaScript eval() for JSON. Or unpickling a function object, ...
@mik235 inside the browser, as opposed to on a server? Unless you mean Node in which case lolololol Node
@bascule I'm just saying that the biggest problems seem to be because a couple of particular (popular) parsers are crap
@bascule you don't need to support external entities in an XML parser at all. Or recursive entities.