Billion laughs

276 points by khet over 12 years ago

7 comments

astrojams over 12 years ago
It isn't obvious at first glance that this small XML file actually expands to a billion "lols". You really have to give the bad guys credit for ingenuity.
dguido over 12 years ago
Probably should rename this to "billion reposts."

Can we move beyond this simple issue and discuss more complicated aspects of security on HN?
wtallis over 12 years ago
So, how much memory would a real-world parser actually consume given this file? I'd try it, but I had to RMA my workstation's motherboard yesterday, leaving me with a machine that only has 3GB, which is the obvious minimum for a full expansion. But I could imagine an XML parser might use UCS-2 internally, inflating this to 6GB. Or, some parsers might be clever and not attempt a full expansion.
caseydurfee over 12 years ago
Is there a legitimate use case for being able to recursively define entities like that?
alexrbarlow over 12 years ago
I have to say, I love this, crazy, for a language that is really for transferring data.

I guess you could do this with YAML too?
055static over 12 years ago
This doesn't work with my sed-based XML parsers. :(
ilcavero over 12 years ago
So, how do I protect myself against this?
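
Added example, not part of the thread or of any parser's own code: a pre-parse check that answers the memory question raised above without performing the expansion, by computing each entity's expanded size arithmetically and rejecting documents over a budget. The regex-based declaration scan, the function names and the small sample DTD are assumptions constructed for illustration; it covers only quoted internal general entities, and `bytes_per_char=2` models the UCS-2 case mentioned in the thread.

```python
import re

# Internal general entity declarations of the form <!ENTITY name "value">.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.-]+);')


def expanded_sizes(dtd_text):
    """Map each declared entity to its fully expanded length in characters,
    computed arithmetically so nothing is ever expanded in memory."""
    decls = {m.group(1): m.group(3) for m in ENTITY_DECL.finditer(dtd_text)}
    sizes = {}

    def size(name, stack):
        if name in sizes:
            return sizes[name]
        if name in stack:
            raise ValueError("entity %r refers to itself" % name)
        value = decls[name]
        total = len(ENTITY_REF.sub("", value))  # literal characters only
        for ref in ENTITY_REF.findall(value):
            # Undeclared names (e.g. predefined &amp;) count as one character.
            total += size(ref, stack | {name}) if ref in decls else 1
        sizes[name] = total
        return total

    for name in decls:
        size(name, frozenset())
    return sizes


def over_budget(dtd_text, max_bytes, bytes_per_char=1):
    """Return {entity: bytes} for entities whose expansion exceeds max_bytes."""
    return {name: chars * bytes_per_char
            for name, chars in expanded_sizes(dtd_text).items()
            if chars * bytes_per_char > max_bytes}


# Constructed sample: three nesting levels with a fan-out of 3.
SAMPLE_DTD = """<!DOCTYPE d [
  <!ENTITY e0 "lol">
  <!ENTITY e1 "&e0;&e0;&e0;">
  <!ENTITY e2 "&e1;&e1;&e1;">
  <!ENTITY e3 "&e2;&e2;&e2;">
]>"""

if __name__ == "__main__":
    print(expanded_sizes(SAMPLE_DTD))
    print(over_budget(SAMPLE_DTD, max_bytes=64, bytes_per_char=2))
```

Each nesting level multiplies the size by the fan-out, so the check costs one pass over the declarations however large the expansion would be.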