Hacker News
by msbarnett 1474 days ago
XML is chock-full of misfeatures ripe for creating security vulnerabilities. It's not just nokogiri – XML parsing libs are one of the hottest sources of vulnerability notifications in many ecosystems (a large number of those CVE alerts come by way of using libxml2 under the hood, which nokogiri also depends on).

Safely parsing untrusted XML is an extremely hairy task.