Thanks! That's really solid. I just spent $EMBARRASSINGLY_LONG_TIME
figuring out how to turn off half of Saxon's XML parsing functionality for
some of these reasons.
On Thu, Dec 17, 2015 at 9:22 AM, Andromeda Yelton <
[log in to unmask]> wrote:
> I strongly recommend this hilarious, terrifying PyCon talk about
> vulnerabilities in yaml, xml, and json processing:
> https://www.youtube.com/watch?v=kjZHjvrAS74
>
> If you process user-submitted data in these formats and don't yet know why
> you should be flatly terrified, please watch this ASAP; it's illuminating.
> If you *do* know why you should be terrified, watch it anyway and giggle
> along in knowing recognition, because the talk is really very funny.
>
> --
> Andromeda Yelton
> Board of Directors, Library & Information Technology Association:
> http://www.lita.org
> http://andromedayelton.com
> @ThatAndromeda <http://twitter.com/ThatAndromeda>
>
|