AbstractFailure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input. DescriptionMost successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input. It is not possible for an XML parser to validate all aspects of a document's content; a parser cannot understand the complete semantics of the data. However, a parser can do a complete and thorough job of checking the document's structure and therefore guarantee to the code that processes the document that the content is well-formed. |
Home Page>Security
Knowledgebase>Vulnerability>Input
Validation Vulnerability >Missing
XML Validation
