From: Peter M. <pet...@gm...> - 2014-08-10 09:21:33
All,

PyCon Australia 2014 was held in Brisbane about a week ago. (It was held at the Brisbane exhibition centre - literally walking distance from my home). One talk of possible interest to this list[*] was "Serialization formats aren't toys" by Tom Eastman.

"Do you accept input from users? Do you accept it in XML? What about YAML? Or maybe JSON? How safe are you? Are you sure?"

The talk is about 30 minutes long, and can be viewed here: https://www.youtube.com/watch?v=LrW-HSHP0ws

The YAML part (which is mostly about the dangers of "python/object/apply" tags) is from 6:48 to 13:30; the JSON part is from 23:07 to the end. However, I suggest everybody have a watch of the whole thing. The "Billion Laughs Attack" is an XML thing, but still nice to know about. ;-)

Best regards,
Peter Murphy

[*] PS: Which list is the current YAML list? yam...@go... or yam...@li...? I sent this message to both, just in case.

--
Email: pet...@gm...
WWW: http://www.pkmurphy.com.au/
From: Trans <tra...@gm...> - 2014-08-10 14:57:58
Use yam...@li..., the google group is just a (broken) mirror.