billion laughs
n. An online attack that attempts to disable a website by sending a specially formatted sequence of characters such as "lol" and "ha".
Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data.
This is called the "Billion Laughs" attack—without going too far into the nuances of XML trickery, you can see that this file has a series of ENTITY entries, each of which references and expands to the ones above it. So the file grows exponentially in memory when it is parsed, consumes CPU cycles, and mushrooms in size to eat up the memory space of its host computer.
—Bill Hines, et al., “IBM WebSphere DataPower SOA Appliance Handbook,” IBM Press, January 03, 2009
2002 (earliest)
You can easily construct a few entities that expand to a huge result.
Depending on how your parser returns things, this may use lots of
memory or merely use up lots of cpu time. There is an example at

I don't recommend loading this file into a browser.
—Richard Tobin, “Re: Malicious XML,” XML-DEV, November 05, 2002
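Both quotations describe nested entities whose expansion multiplies at each level. As an added example (not taken from the cited sources), the Python below computes each entity's expanded length from the declarations alone, so a receiver can reject a document before handing it to a parser. The function names, the sample document and the 100-character limit are assumptions made for illustration.

```python
import re

# Internal general entities only: <!ENTITY name "value">. Parameter and
# external (SYSTEM/PUBLIC) entities are out of scope for this sketch.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.\-]+);')

def expanded_sizes(xml_text):
    """Map each declared entity to its fully expanded length, computed
    arithmetically so nothing is ever expanded in memory."""
    decls = {}
    for name, _quote, value in ENTITY_DECL.findall(xml_text):
        decls.setdefault(name, value)  # in XML the first declaration wins
    sizes, in_progress = {}, set()

    def size(name):
        if name in sizes:
            return sizes[name]
        if name in in_progress:
            raise ValueError(f"entity {name!r} refers to itself")
        in_progress.add(name)
        value = decls[name]
        total = len(ENTITY_REF.sub("", value))  # literal characters
        for ref in ENTITY_REF.findall(value):
            # Undeclared references are counted at their written length.
            total += size(ref) if ref in decls else len(ref) + 2
        in_progress.discard(name)
        sizes[name] = total
        return total

    for name in decls:
        size(name)
    return sizes

def over_limit(xml_text, limit):
    """Names of entities whose expansion would exceed `limit` characters."""
    return sorted(n for n, s in expanded_sizes(xml_text).items() if s > limit)

# Constructed sample with a deliberately tiny fan-out of four per level.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE msg [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;">
  <!ENTITY d "&c;&c;&c;&c;">
]>
<msg>&d;</msg>"""

if __name__ == "__main__":
    print(expanded_sizes(SAMPLE), over_limit(SAMPLE, limit=100))
```

In production the more common control is to configure the parser to refuse DTDs or to cap entity expansion; a pre-check like this is useful where that option is unavailable.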
Two thumbs pointing skyward to Grant Barrett and Paul Ford for uncovering this term.