(github.blog)

312 points campuscodi | 1 comments | 15 Mar 25 19:06 UTC | HN request time: 0.001s | source

Show context

oncallthrow ◴[15 Mar 25 19:16 UTC] No.43374582[source]▶

>>43374519 (OP) #

XML is to authentication bypasses what C is to buffer overflow attacks

replies(4): >>43374583 #>>43374813 #>>43375202 #>>43375808 #

thayne ◴[15 Mar 25 23:16 UTC] No.43375808[source]▶

>>43374582 #

XML could really benefit from a standardized subset that cuts out all the unnecessary features and security footguns.

replies(2): >>43376649 #>>43380061 #

Nextgrid ◴[16 Mar 25 02:55 UTC] No.43376649[source]▶

>>43375808 #

I find that the "unnecessary features" and footguns are what makes XML, well, XML. I guess there must be some legitimate usage of those, or at least was back in the day. If you strip them out, you'd end up with a JSON-like (so you may as well use JSON).

replies(2): >>43376692 #>>43377295 #

1. dralley ◴[16 Mar 25 03:07 UTC] No.43376692[source]▶

>>43376649 #

Or something like RON

https://github.com/ron-rs/ron

↑

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials