Why no word about range, type and length checks?

[baybal]

You should mention range, type and length checks. Peculiarities of JSON/XML parsing should also be mentioned as parser very often work outside of the "safe" realm on most script interpreters, without much failsafe logic. Node notably had an alarming amount of bugs when working with multi-byte encodings.

Websocket handling is another point where most API writers completely disregard such basics. Some try to implement a per byte socket handling, that will eagerly split multibyte chars into impossible bits that can later be used in different "escape" scenarios or be used to attach 3rd party libs.

[Maikuolan]

Anyone want to create a PR for this?