|
|
|
|
|
|
by jofer
460 days ago
|
|
|
CSV is _way_ hairier than folks think it is!! And for anyone who's not convinced by CSV, consider parsing XML with a regex. "I don't need a full XML parser, I just need this little piece of data! Let's keep things lightweight. This can just be a regex..." I've said it many times myself and been eventually burned by it each time. I'm not saying it's always wrong, but stop and think whether or not you can _really_ trust that "little piece of data" not to grow... |
|
|
relevant:
> ruby-saml was using two different XML parsers during the code path of signature verification. Namely, REXML and Nokogiri
where "REXML" does exactly what you described, and hilarity ensued
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials - https://news.ycombinator.com/item?id=43374519 - March 2025 (126 comments)