|
|
|
|
|
|
by njharman
4446 days ago
|
|
|
take away: XML should not be used (at least as user input). It is too powerful, too big. It is much too hard and expensive to test and validate. Input from potentially malicious users should be in the simplest, least powerful of formats. No logic, no programability, strictly data. I'm putting "using XML for user input" in same bucket as "rolling your own crypto/security system". That is you're gonna do it wrong, so don't do it. |
|
|