Comment by ryandrake
4 hours ago
Yea, I interpret it as the same thing: On invalid input, don't crash or give the caller a root shell or whatever, but definitely don't swallow it silently. If the input is malformed, it should error and stop. NOT try to read the user's mind and conjure up some kind of "expected" output.
I think perhaps a better wording of the law would be: "Be prepared to be sent almost anything. But be specific about what you will send yourself".