
Obviously there aren't similar issues with parsing JSON. On the other hand, if you ingest XML you simply don't want to use a full implementation of a validating XML parser, because making that work is a bunch of pointless busywork. And these vulnerabilities are only relevant for validating XML parsers.


XML entity expansion has nothing to do with XML validation and is an attack vector no matter if you validate the XML doc or not.
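Added example, not part of either comment: Python's `xml.etree.ElementTree` sits on expat, a non-validating parser, and still expands internal entities, so a guard has to reject entity declarations rather than rely on validation being off. The sample document and the names `expanded_text`, `parse_rejecting_entities` and `EntityDeclarationRejected` are constructed for this illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample: nested internal entities, no element declarations,
# so there is nothing for a validating parser to validate.
SAMPLE = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE note [\n'
    '  <!ENTITY a "ha">\n'
    '  <!ENTITY b "&a;&a;&a;">\n'
    ']>\n'
    '<note>&b;</note>'
)
PLAIN = '<note>hello</note>'  # constructed sample without a DOCTYPE


class EntityDeclarationRejected(ValueError):
    """Raised when a document declares any entity in its DOCTYPE."""


def expanded_text(doc: str) -> str:
    # No validation takes place here, yet the text that comes back is the
    # fully expanded entity content.
    return ET.fromstring(doc).text


def parse_rejecting_entities(doc: str) -> ET.Element:
    """Parse doc, refusing it if it declares any entity (hypothetical helper)."""

    def on_entity_decl(name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        # Called by expat for every <!ENTITY ...> declaration; raising here
        # aborts the parse before any reference to the entity is expanded.
        raise EntityDeclarationRejected(name)

    checker = expat.ParserCreate()
    checker.EntityDeclHandler = on_entity_decl
    checker.Parse(doc, True)       # first pass: declaration check only
    return ET.fromstring(doc)      # second pass: build the tree


if __name__ == "__main__":
    print(repr(expanded_text(SAMPLE)))
    try:
        parse_rejecting_entities(SAMPLE)
    except EntityDeclarationRejected as exc:
        print("rejected entity declaration:", exc)
```
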



