Commit
Disable external entities by default to prevent XXE injection attacks, re #6

XML Builder classes now explicitly enable or disable 'external-general-entities' and 'external-parameter-entities' features of the DocumentBuilderFactory when #create or #parse methods are used. To prevent XML External Entity (XXE) injection attacks, these features are disabled by default. They can only be enabled by passing a true boolean value to new versions of the #create and #parse methods that accept a flag for this feature.
Showing 6 changed files with 376 additions and 15 deletions.
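
The default-off behaviour described in the commit message, as an added Java example that is not code from this commit or its project. The class name, the `parse` and `leaks` helpers and the marker file are assumptions made for illustration; the two feature URIs are the standard SAX identifiers for the feature names in the message. It parses one constructed document with the features off and then on, and prints whether text from the external file reached the parsed document.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class ExternalEntityDemo {
    // Standard SAX feature URIs for the two feature names in the commit message.
    static final String GENERAL = "http://xml.org/sax/features/external-general-entities";
    static final String PARAMETER = "http://xml.org/sax/features/external-parameter-entities";

    // Hypothetical helper: set both features explicitly instead of relying on parser defaults.
    static Document parse(String xml, boolean enableExternalEntities) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(GENERAL, enableExternalEntities);
        factory.setFeature(PARAMETER, enableExternalEntities);
        return factory.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // True if the marker text from the external file ended up in the root element's text.
    static boolean leaks(String xml, boolean enableExternalEntities, String marker) throws Exception {
        String text = parse(xml, enableExternalEntities).getDocumentElement().getTextContent();
        return text != null && text.contains(marker);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a temp file created here stands in for local data,
        // and the document declares an external general entity pointing at it.
        Path file = Files.createTempFile("external-entity-demo", ".txt");
        String marker = "CONSTRUCTED-MARKER";
        Files.writeString(file, marker);
        String xml = "<!DOCTYPE doc [<!ENTITY ext SYSTEM \"" + file.toUri() + "\">]>"
                   + "<doc>&ext;</doc>";
        try {
            System.out.println("features disabled: marker in document = " + leaks(xml, false, marker));
            System.out.println("features enabled:  marker in document = " + leaks(xml, true, marker));
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```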