Thanks! That's really solid. I just spent $EMBARRASSINGLY_LONG_TIME figuring out how to turn off half of Saxon's XML parsing functionality for some of these reasons.
On Thu, Dec 17, 2015 at 9:22 AM, Andromeda Yelton <andromeda.yel...@gmail.com> wrote:
> I strongly recommend this hilarious, terrifying PyCon talk about
> vulnerabilities in yaml, xml, and json processing:
> https://www.youtube.com/watch?v=kjZHjvrAS74
>
> If you process user-submitted data in these formats and don't yet know why
> you should be flatly terrified, please watch this ASAP; it's illuminating.
> If you *do* know why you should be terrified, watch it anyway and giggle
> along in knowing recognition, because the talk is really very funny.
>
> --
> Andromeda Yelton
> Board of Directors, Library & Information Technology Association:
> http://www.lita.org
> http://andromedayelton.com
> @ThatAndromeda <http://twitter.com/ThatAndromeda>