12 lines
587 B
Plaintext
12 lines
587 B
Plaintext
==== Converting to a harmless type
|
|
|
|
When the application allows it, casting user-submitted data to a harmless type
|
|
can help prevent XML injection vulnerabilities. In particular, converting user
|
|
inputs to numeric types is an efficient sanitation mechanism.
|
|
|
|
This mechanism can be extended to other types, including more complex ones.
|
|
However, care should be taken when dealing with them, as manually validating or
|
|
sanitizing complex types can represent a challenge.
|
|
|
|
Note that choosing this solution can be error-prone: every user input has to be
|
|
validated or sanitized without oversight. |