Although I assume that you've had that comment more than once! In the real world - validate inputs AND use prophylactic code.
Yup, we have. The counterpoint is that there are occasions where escaping input ends up mangling your data, thus creating an error from the other direction. Strangely, I think something like that ended up in the talk outline but somehow not in the paper.
in cases where the language of the context you are validating is simple enough regexp would be sufficient
Certainly. OTOH, I can't think of any programming languages which have a syntax that can be described by a regular expression ...
Where's the typo, btw? Is it supposed to be "implementers"?
no subject
Yup, we have. The counterpoint is that there are occasions where escaping input ends up mangling your data, thus creating an error from the other direction. Strangely, I think something like that ended up in the talk outline but somehow not in the paper.
in cases where the language of the context you are validating is simple enough regexp would be sufficient
Certainly. OTOH, I can't think of any programming languages which have a syntax that can be described by a regular expression ...
Where's the typo, btw? Is it supposed to be "implementers"?