No such thing as a small change | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
What you call "xml bomb" is most likely the XML Entity Expansion attack. This is most easily prevented by not expanding entities, or not expanding them recursively. To enable that, see the XML::Parser documentation, especially the NoExpand flag and the handlers for external and other entities. In those, you get to decide whether to fetch them and whether to expand them. If an entity expands to more entities, consider whether to expand them or not. In reply to Re^2: Loading a Local File
by Corion
|
|