On Fri, 21 Feb 2014 16:18:33 +0100 Szabolcs Nagy <n...@port70.net> wrote:
> xml is not just markup but
>
> http://www.w3.org/TR/REC-xml/#charencoding
> (mandatory utf-8 and utf-16 support with bom)

What's wrong with UTF-8?

> https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
> (xml injection, unauthorized document access)

Fortunately, browsers don't allow this.

> https://en.wikipedia.org/wiki/Billion_laughs
> (DoS: exp or quadratic blowup of entities)

Also, easily avoidable.

> it's much better to use a restricted specific language
> with simple well defined semantics than generic things
> like sgml and xml (with arbitrary long tag and attribute
> names), once you do this the origin (sgml, xml,..) does
> not matter

At the cost of modularity.
Still, I'd welcome a solution like this!

--
FRIGN <d...@frign.de>
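
One way a parser can refuse the entity features behind the XXE and billion-laughs links quoted above, as an added example that is not part of the original thread: a Python wrapper around the standard-library expat binding that rejects any document declaring entities. The names `parse_elements`, `verdict` and `EntityDeclared`, and the three sample documents, are constructed for illustration.

```python
import xml.parsers.expat

# Constructed sample documents (not taken from the thread).
BENIGN = b"<note><to>a &amp; b</to></note>"
NESTED = (b'<?xml version="1.0"?><!DOCTYPE d [<!ENTITY a "x">'
          b'<!ENTITY b "&a;&a;">]><d>&b;</d>')
EXTERNAL = (b'<?xml version="1.0"?><!DOCTYPE d ['
            b'<!ENTITY e SYSTEM "placeholder.txt">]><d>&e;</d>')


class EntityDeclared(ValueError):
    """The document's DTD declares an entity."""


def parse_elements(data):
    """Return element names in document order, refusing entity declarations."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a value; external ones carry a system id.
        kind = "internal" if system_id is None else "external"
        raise EntityDeclared(f"{kind} entity declaration refused: {name}")

    # The handler fires while the DTD is read, before any reference is expanded.
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


def verdict(data):
    """Return 'accepted' or the refusal reason for one document."""
    try:
        parse_elements(data)
        return "accepted"
    except EntityDeclared as exc:
        return str(exc)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("nested", NESTED), ("external", EXTERNAL)):
        print(label, "->", verdict(doc))
```

The predefined entities such as `&amp;` need no declaration, so ordinary documents still parse; only documents that bring their own entity definitions are refused.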