#XMLReader can be confusing at first, but I really like it.
It's minimalistic, super fast and memory efficient. Furthermore, it is available in many #programming languages, not just in #PHP (see my sample code here). #XML #backend
Today, a post got published to #reddit r/netsec concerning a DoS and arbitrary code execution #vulnerability in #XML when parsing it with #Java's #XMLReader. Though correct, maybe hyperbolic: the problem is not limited to Java, and it's possible nobody in the field uses that class. When I first learned about it, years ago, I switched from automated XML parsing to dedicated #XPath-based parsing. That's more cumbersome, for sure, but also more #secure.