XML syntax is simple
XML syntax is simple. Essentially, you must balance the opening and closing tags. Yet I wish I had a proverbial nickel for every e-mail I’ve received saying, “I’m trying to process the attached XML document through such and such tool and it fails — could you recommend a better tool?” Invariably, I open the document and find an obvious syntax error such as an empty tag without the closing slash (it should look like this: <empty/>). If the document does not completely adhere to XML syntax, then it’s not an XML document; if it’s not an XML document, XML tools cannot process it. XML has a very precise and formal syntax. Either a document adheres to the syntax fully, or it is not recognized. Simple as that.
Conversely, some applications may refuse perfectly valid documents. An application might not implement the syntax fully and fail to recognize, say, character entities (î, for example).
The problem is XML’s apparent simplicity. It often may seem easier and faster to hack something rather than to learn yet another component. This may work in a closed loop where an application reads the document it has produced, but it is unlikely to work in a production environment where several applications work on the document.
Read more on xml security at http://www.ibm.com/developerworks/xml/library/x-wxxm30.htmlÂ