People seem to be having fun bashing XML, so I thought I'd wade in on
its behalf.
On 15/06/17 03:46, justin walters wrote:
> There are 2 main issues with XML:
> 1) It is not secure. Check this out:
> https://stackoverflow.com/questions/1906927/xml-vulnerabilities#1907500
XML and JSON share the vulnerabilities that come from having to parse
untrusted external input. XML then has some extra since it has extra
flexibility, like being able to specify external resources (potential
attack vectors) or entity substitution. If you don't need the extra
flexibility, feel free to use JSON, but don't for one moment think that
makes you inherently safe.
> 2) It is large. JSON can express the same amount of information while
> using much less memory. There are many reasons for this, but the simplest
> is that JSON formatting requires less characters.
The simplest, but also the least true. A better reason would be that
JSON is a (fairly) simple representation while XML is complex.
> Also, there are several formal schemas to follow. The most popular is
> JSONAPI.
"The nice thing about standards is that you have so many to choose from."
> JSON is also fundamentally much simpler than XML. There are strings,
> numbers, arrays, and objects. That's it. It is basically a dumbed down
> Python dictionary.
In those terms, XML just has elements, attributes and character data, so
you don't even have to worry about typing. That's not a useful way of
describing JSON's simplicity, though, so it's no wonder XML actually
sounds simpler when you put it that way.
JSON is a text description of a general purpose data structure. It's
relatively simple, relatively easy to parse (which doesn't mean it's
easy, I've had some stinkers of pieces of JSON to disentangle in the
past), and maps straightforwardly to most people's data transfer needs.
XML is a text description of an annotated data structure, with
declarative and procedural elements thrown in for extra fun. It's
complex, harder to parse, and doesn't have a single obvious mapping to
most people's data transfer needs. However when you need that extra
flexibility, it's wonderful, and it doesn't *have* to be complex.
Of course, all this assumes you don't want the efficiency of a bespoke
binary protocol. Living in an embedded world, I usually do :-)
--
Rhodri James *-* Kynesim Ltd
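
The point made in the message about parsing untrusted input in either format, as an added example that is not part of the original message: an XML parse that refuses the DOCTYPE (where entity substitution and external resources are declared) and a JSON load that bounds size and nesting first. The names parse_xml_strict, load_json_strict, UntrustedInputError and the limits are assumptions chosen for illustration.

```python
import json
from xml.parsers import expat

class UntrustedInputError(ValueError):
    """Input uses a feature or size we refuse to process."""

def parse_xml_strict(data: bytes) -> list:
    """Return element names in document order, refusing any DOCTYPE."""
    # Entity declarations and external DTD subsets both live in the DOCTYPE,
    # so rejecting it rules out entity substitution and external fetches.
    names = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UntrustedInputError("DOCTYPE not allowed in untrusted XML")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)  # an exception raised in a handler propagates
    return names

def load_json_strict(text: str, max_chars: int = 1_000_000, max_depth: int = 32):
    """Parse JSON only after bounding its size and nesting depth."""
    if len(text) > max_chars:
        raise UntrustedInputError("JSON document too large")
    depth, in_string, escaped = 0, False, False
    for ch in text:
        if in_string:  # brackets inside strings do not nest
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > max_depth:
                raise UntrustedInputError("JSON nested too deeply")
        elif ch in "]}":
            depth -= 1
    return json.loads(text)

# Constructed sample inputs (not from the original message).
PLAIN_XML = b"<order><item/><item/></order>"
DTD_XML = b'<!DOCTYPE order [<!ENTITY a "aaaa">]><order>&a;</order>'
DEEP_JSON = "[" * 1000 + "]" * 1000
```
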