ons 2022-08-17 klockan 19:21 +0200 skrev Michael Niedermayer: > > Now to achieve this do we need xml and json ? > grep tells me we have 500 matches (not counting docs) for xml and > almost 100 > for json > Also for streaming and some cases filtering being able to serialize > objects > would be useful. xml and json seem better choices than some ad-hoc > format > So i would awnser the question do we need XML and JSON, with yes we > live > in a world that uses XML and JSON so if we give the option to use it > too > that makes it easier for others to interact. > > now do we need our own implementation of it ? I dont know but we have > in almost all cases favored our native implementations when someone > wrote > one. And libxml2 has had so many security issues that i think we > should > at least consider replacing it.
Absolutely not. The solution is to fix and improve libxml2, not to add to the problem with our own XML parser which will inevitably have its own set of bugs. NIH for its own sake does nothing but split developer effort and increase the number of bugs. Parsing is hard and the source of the vast majority of CVEs. This project should take the advice of the langsec community to heart. Resist the urge to write your own shotgun parsers because it is "fun". Make your protocol context-free or regular! /Tomas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
