==== Programmatic object building

In most cases, an application can create documents directly from user input
without having to build and then parse an XML string. Doing so prevents injection
vulnerabilities, because XML document construction libraries and functions
properly escape input values and check their type.

Sometimes the application needs to include user input in a document built from a
trusted XML string. In that case, the recommended solution is to parse the trusted
string first and then programmatically modify the resulting document.
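Both approaches above, as an added example in Python's standard `xml.etree.ElementTree` (this is illustration code, not code from the original page); the template string and the hostile input are constructed for the demonstration:

```python
import xml.etree.ElementTree as ET

# Trusted XML template, constructed for this example. In a real application it
# would come from a bundled resource or configuration, never from the user.
TRUSTED_TEMPLATE = '<order id="42"><customer/><note/></order>'


def build_order(customer_name: str, note: str) -> bytes:
    """Build the whole document from user input through the API.

    Text is assigned as data, so '<', '>' and '&' are escaped by the
    serializer instead of being interpreted as markup.
    """
    order = ET.Element("order", attrib={"id": "42"})
    ET.SubElement(order, "customer").text = customer_name
    ET.SubElement(order, "note").text = note
    return ET.tostring(order, encoding="utf-8")


def fill_trusted_template(customer_name: str, note: str) -> bytes:
    """Parse the trusted string first, then modify the resulting tree."""
    root = ET.fromstring(TRUSTED_TEMPLATE)
    root.find("customer").text = customer_name
    root.find("note").text = note
    return ET.tostring(root, encoding="utf-8")


def count_children(xml_bytes: bytes) -> int:
    """Direct children of the root after a round trip through the parser.

    With string concatenation, markup in the input would add elements;
    with programmatic construction the count is unchanged.
    """
    return len(list(ET.fromstring(xml_bytes)))


if __name__ == "__main__":
    # Constructed input that looks like markup; it stays plain text here.
    hostile = '</note><admin role="root"/><note>'
    for doc in (build_order("Alice", hostile),
                fill_trusted_template("Alice", hostile)):
        print(doc.decode())
        print("root children:", count_children(doc))  # 2 in both cases
```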