Talking shop: Go and XML 

I wonder if any company making heavy use of it would pay me to just rewrite Go's encoding/xml package from scratch with a compatible API so they could be easily swapped out?

The code in the standard library version is so bad as to be unsalvageable. It's so unreadable that I guarantee you there are more security issues lying in wait, not to mention how slow it is even if you're not using the reflection parts.


Talking shop: Go and XML 

Just separating out the tokenization, validation, and marshaling/unmarshaling parts into three different layers would make it more testable and readable, making issues easier to spot. It would also make it possible to encode a struct to a stream of tokens instead of bytes, which would greatly increase the speed of things that need to do that right now, and we could make the input/output stable across multiple encode/decodes, which would prevent downstream security issues.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!