OWASP Periodic Table of Vulnerabilities - XML Injection

Return to Periodic Table Working View

Root Cause Summary
XML documents are generated by including dynamic data without proper encoding.

Browser / Standards Solution
None

Perimeter Solution
None

Generic Framework Solution
The framework should provide safe libraries for constructing and manipulating XML documents that automatically encode all dynamic data. The framework should disallow any direct access to raw XML.

Custom Framework Solution
None

Custom Code Solution
None

Discussion / Controversy
Cross-Site Scripting / HTML Injection is a special case of XML injection.