Re^2: Best XML library to validate XML from untrusted source


There's more than one way to do things
	PerlMonks

by vsespb (Chaplain)

on Oct 19, 2014 at 15:23 UTC ( [id://1104307]=note: print w/replies, xml )

Need Help??

Ok, Tested XML::LibXML - it is vulnerable.

Comment on Re^2: Best XML library to validate XML from untrusted source

Replies are listed 'Best First'.
Re^3: Best XML library to validate XML from untrusted source by Corion (Patriarch) on Oct 19, 2014 at 15:35 UTC
I think you're supposed to disable external requests using various constructor parameters (as in XML::LibXML::Parser.pod. I presume that `ext_ent_handler` with your own callback to handle external entities would be enough, but I would still use or `no_network` to be on the safe(r) side.	[reply] [d/l] [select]
Re^4: Best XML library to validate XML from untrusted source by vsespb (Chaplain) on Oct 19, 2014 at 15:45 UTC
Ok, this indeed works. And the POD page contains security related info. Thanks!	[reply]

Domain Nodelet^?

Node Status^?

node history
Node Type: note [id://1104307]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others admiring the Monastery: (7)

As of 2024-04-19 08:37 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found