2017-07-07 UTC
# Zegnat We were talking about different attack vectors in #indieweb-chat yesterday, and wanted to put this out there (logged) for people: a (g)zip bomb will not kill your server if you use PHP’s file_get_contents, it only fetches plain text. Most XML attacks will also not work against PHP’s DOMDocument XML parsing, though you may want to make sure not to e