Difference between revisions of "OWASP Periodic Table of Vulnerabilities - XML Injection"
Latest revision as of 21:29, 22 July 2013
Root Cause Summary
XML documents are generated by including dynamic data without proper encoding.
Browser / Standards Solution
Generic Framework Solution
The framework should provide safe libraries for constructing and manipulating XML documents that automatically encode all dynamic data. The framework should disallow any direct access to raw XML.
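The difference between raw concatenation and a library that encodes dynamic data, as an added example that is not part of the original OWASP page. It assumes Python's standard xml.etree.ElementTree as the "safe library"; the element names, function names and sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: a "username" that carries XML markup.
CONSTRUCTED_INPUT = "alice</name><role>admin</role><name>x"


def build_unsafe(username):
    """Root cause: dynamic data is placed into raw XML without encoding."""
    return "<user><name>" + username + "</name><role>member</role></user>"


def build_safe(username):
    """Library construction: text nodes are encoded when serialized."""
    user = ET.Element("user")
    ET.SubElement(user, "name").text = username
    ET.SubElement(user, "role").text = "member"
    return ET.tostring(user, encoding="unicode")


def roles(document):
    """Return every <role> value a consumer of the document would see."""
    return [elem.text for elem in ET.fromstring(document).iter("role")]


def name_text(document):
    """Return the text of the first <name> element."""
    return ET.fromstring(document).find("name").text


if __name__ == "__main__":
    unsafe_doc = build_unsafe(CONSTRUCTED_INPUT)
    safe_doc = build_safe(CONSTRUCTED_INPUT)

    # Concatenation lets the input change the document's structure:
    # an extra <role> element appears ahead of the intended one.
    print("unsafe:", unsafe_doc)
    print("  roles seen by parser:", roles(unsafe_doc))

    # The library encodes < and > so the input stays a single text node.
    print("safe:  ", safe_doc)
    print("  roles seen by parser:", roles(safe_doc))
    print("  name round-trips:", name_text(safe_doc) == CONSTRUCTED_INPUT)
```

A useful regression check for any XML-producing code path is the last one shown: the parsed value must equal the original input and the element count must not change.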
Custom Framework Solution
Custom Code Solution
Discussion / Controversy
Cross-Site Scripting / HTML Injection is a special case of XML injection.