Hacker News
by
richx
2059 days ago
I’m wondering which security risks they mean. I don’t see any security risk in XML itself, maybe it’s related to some XPath or XQuery functions?
2 comments
barefootliam
2059 days ago
I think more about the fact libxml and libxslt are large pieces of code and have had CVEs raised against them (and fixed) in the past. They are still actively maintained.
foota
2059 days ago
I think the idea is the increased security risk of a potentially poorly maintained large body of code with a wide surface area.