How it works...
Although XML can be an extremely useful tool for developers when performing some tasks, it is not the best format for information exchange in web applications these days. This is because of its many features, external entities among them, and its extensible nature, which allows for the easy incorporation of objects or elements that may include system files and commands.
XML Parsers allow external entities and other features that may pose a security problem, such as Document Type Definitions (DTDs), to be disabled. Check the documentation of the parsing engine of your choice for more information on how to do this.
Being injection attacks, XML-related attacks can be prevented to a great extent by performing proper input validation, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access