dxml 0.1.0 released
Cym13
cpicard at openmailbox.org
Sun Feb 11 15:04:25 UTC 2018
On Friday, 9 February 2018 at 21:15:33 UTC, Jonathan M Davis
wrote:
> [...]
> Of note, dxml does not support the DTD section beyond what is
> required to parse past it
> [...]
> - Jonathan M Davis
Fun fact, since the most common security vulnerability associated
with XML (XEE [1]) is based on exploiting the fact that most
libraries parse in-line DTDs by default, this makes dxml immune
to such attacks. Given how often this vulnerability is found in
the wild it sounds like a very good thing to me :D
[1]:
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
More information about the Digitalmars-d-announce
mailing list