by ajuc 4447 days ago
> They shouldn't do this by default: they should instead take a programmer-supplied entity resolver and call into that.

Then the programmers would write their own resolvers with even more bugs, most probably. You would have 10,000 broken implementations of that code, half of them copied from a Stack Overflow example with security left as an exercise for the reader.

1 comments

You could have a default implementation that callers have to set, e.g.:

    xmlSetFileResolver (xml, xmlDefaultFileResolver);

Callers could provide their own, but most will use none or use the supplied default.

Of course nothing helps for people who code by copying and pasting, rather than understanding what the API or library does.
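
A sketch of the opt-in resolver design discussed in this thread, added here as an example and not taken from either comment or from any real library. `xml_ctx`, `xml_resolve_external`, the return codes and the `ENTITY_DIR` path are assumptions, and the two function names are borrowed from the comment's hypothetical call; with no resolver installed, external references are refused, and the supplied default accepts only bare file names under one directory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical API modelled on the thread's xmlSetFileResolver idea.
   Every name below is an assumption made for illustration. */
typedef int (*file_resolver)(const char *system_id, char *out, size_t outlen);
typedef struct { file_resolver resolver; } xml_ctx;   /* NULL = none installed */

enum { RES_OK = 0, RES_DENIED = -1, RES_NO_RESOLVER = -2 };

static const char *const ENTITY_DIR = "/usr/share/xml/entities/"; /* assumed base */

/* Supplied default: accept only a bare file name, mapped under ENTITY_DIR.
   It does not follow or inspect symlinks; the directory is assumed trusted. */
int xmlDefaultFileResolver(const char *id, char *out, size_t outlen)
{
    size_t n = strlen(id), base = strlen(ENTITY_DIR);
    if (n == 0 || id[0] == '.')           /* empty, ".", "..", dotfiles */
        return RES_DENIED;
    if (strpbrk(id, "/\\:") != NULL)      /* paths, drive letters, URL schemes */
        return RES_DENIED;
    if (base + n + 1 > outlen)            /* never truncate a path silently */
        return RES_DENIED;
    memcpy(out, ENTITY_DIR, base);
    memcpy(out + base, id, n + 1);        /* copies the terminating NUL too */
    return RES_OK;
}

void xmlSetFileResolver(xml_ctx *ctx, file_resolver r) { ctx->resolver = r; }

/* What a parser would call for <!ENTITY x SYSTEM "...">: with nothing
   installed it refuses instead of falling back to opening the file. */
int xml_resolve_external(const xml_ctx *ctx, const char *id,
                         char *out, size_t outlen)
{
    if (ctx->resolver == NULL)
        return RES_NO_RESOLVER;
    return ctx->resolver(id, out, outlen);
}

int main(void)
{
    /* Constructed sample system identifiers. */
    const char *ids[] = { "iso-lat1.ent", "../secret.ent", "file:///tmp/x.ent" };
    xml_ctx ctx = { NULL };
    char path[128];
    xmlSetFileResolver(&ctx, xmlDefaultFileResolver);
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("%-20s -> %d\n", ids[i],
               xml_resolve_external(&ctx, ids[i], path, sizeof path));
    return 0;
}
```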