-
moparisthebest
Remember the discussion about XML being hard? https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
-
moparisthebest
Turns out "parsing" is hard and the rest is just details
-
Zash
No no, JSON is web scale, that's why it's better and more secure!!!!1!/s
-
SamWhited
Still easier to parse and more likely to interoperability than the mess that is XML, don't get too cocky
-
moparisthebest
Seems to me XML is far better specified
-
Zash
The appearance of "easy to parse" will attract "I'll just regex a bit and whooops, giant security hole".
-
SamWhited
Because no one has ever parsed XML with with a regex.
-
Zash
XML clearly has the edge there, since anyone attempting that would accidentally summon some eldritch horror and never be heard from again. Thus, only reasonably sane XML parsers make it.
-
SamWhited
And JSON is specified just fine. I'm not saying it's great, but XML is still garbage and it's definitely easier to implement and use JSON correctly.
-
Zash
I just spent all day writing JSON Schema, so I think I've deserved the right to call JSON garbage.
-
SamWhited
Uggh, I must admit, my only experiences with JSON Schema have been just as bad as my experiences with like 3 different XML schemas
-
deuill
OpenAPI is probably a more cohesive consolidation of the ideas in JSON Schema, but you might as well move to using an actual schema-defined interchange format if you can.
-
deuill
Whereas there's no clear replacement for XML? Something about tree vs. document structures.
-
mathieui
deuill, OpenAPI has good ideas, but the yaml is not one of them
-
mathieui
(I really don’t like XML but debugging an openapi schema is *not* fun)