Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re^2: Best XML library to validate XML from untrusted source

by vsespb (Chaplain)
on Oct 19, 2014 at 15:23 UTC ( #1104307=note: print w/replies, xml ) Need Help??


in reply to Re: Best XML library to validate XML from untrusted source
in thread Best XML library to validate XML from untrusted source

Ok, Tested XML::LibXML - it is vulnerable.
  • Comment on Re^2: Best XML library to validate XML from untrusted source

Replies are listed 'Best First'.
Re^3: Best XML library to validate XML from untrusted source
by Corion (Pope) on Oct 19, 2014 at 15:35 UTC

    I think you're supposed to disable external requests using various constructor parameters (as in XML::LibXML::Parser.pod.

    I presume that ext_ent_handler with your own callback to handle external entities would be enough, but I would still use or no_network to be on the safe(r) side.

      Ok, this indeed works. And the POD page contains security related info. Thanks!

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1104307]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (6)
As of 2019-11-22 08:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Strict and warnings: which comes first?



    Results (110 votes). Check out past polls.

    Notices?