XSF Discussion - 2021-02-27

  1. moparisthebest

    Remember the discussion about XML being hard? https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities

  2. moparisthebest

    Turns out "parsing" is hard and the rest is just details

  3. Zash

    No no, JSON is web scale, that's why it's better and more secure!!!!1!/s

  4. SamWhited

    Still easier to parse and more likely to interoperability than the mess that is XML, don't get too cocky

  5. moparisthebest

    Seems to me XML is far better specified

  6. Zash

    The appearance of "easy to parse" will attract "I'll just regex a bit and whooops, giant security hole".

  7. SamWhited

    Because no one has ever parsed XML with with a regex.

  8. Zash

    XML clearly has the edge there, since anyone attempting that would accidentally summon some eldritch horror and never be heard from again. Thus, only reasonably sane XML parsers make it.

  9. SamWhited

    And JSON is specified just fine. I'm not saying it's great, but XML is still garbage and it's definitely easier to implement and use JSON correctly.

  10. Zash

    I just spent all day writing JSON Schema, so I think I've deserved the right to call JSON garbage.

  11. SamWhited

    Uggh, I must admit, my only experiences with JSON Schema have been just as bad as my experiences with like 3 different XML schemas

  12. deuill

    OpenAPI is probably a more cohesive consolidation of the ideas in JSON Schema, but you might as well move to using an actual schema-defined interchange format if you can.

  13. deuill

    Whereas there's no clear replacement for XML? Something about tree vs. document structures.

  14. mathieui

    deuill, OpenAPI has good ideas, but the yaml is not one of them

  15. mathieui

    (I really don’t like XML but debugging an openapi schema is *not* fun)