OWASP Periodic Table of Vulnerabilities - XML Injection

Return to Periodic Table Working View

XML Injection

Root Cause Summary

XML documents are generated by including dynamic data without proper encoding.

Browser / Standards Solution

None

Perimeter Solution

None

Generic Framework Solution

The framework should provide safe libraries for constructing and manipulating XML documents that automatically encode all dynamic data. The framework should disallow any direct access to raw XML.

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

Cross-Site Scripting / HTML Injection is a special case of XML injection.

References

Testing for XML Injection (OWASP-DV-008)
XML Injection (WASC)
XML Injection (CWE)

OWASP Periodic Table of Vulnerabilities - XML Injection

Contents

XML Injection

Root Cause Summary

Browser / Standards Solution

Perimeter Solution

Generic Framework Solution

Custom Framework Solution

Custom Code Solution

Discussion / Controversy

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools