...
A more general mechanism for checking XML for attempted injection is to validate it using a DTD or schema. The schema must be rigidly defined to prevent injections from being mistaken for valid XML. Here is a suitable schema for validating our XML snippet:
| Code Block | ||
|---|---|---|
| ||
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="item">
<xs:complexType>
<xs:sequence>
<xs:element name="description" type="xs:string"/>
<xs:element name="price" type="xs:decimal"/>
<xs:element name="quantity" type="xs:integer"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
|
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0ced157246716cb5-6a31c4ce-41054e6d-ab22b3d4-363beb53c6c1367e33dba8ec"><ac:plain-text-body><![CDATA[ | [[OWASP 2005 | AA. Bibliography#OWASP 05]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d240055d20c0f5b5-c0fe4ce8-49c14729-acdf9d9f-584aebbd9cfa89a1fa63020c"><ac:plain-text-body><![CDATA[ | [[OWASP 2007 | AA. Bibliography#OWASP 07]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b29ae4267f3715d1-fe2468dc-4e444a86-a6338354-b2e42c3bc6a46707db89438a"><ac:plain-text-body><![CDATA[ | [[OWASP 2008 | AA. Bibliography#OWASP 08]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="19855af24610d75e-107bafae-4ac0475c-bed8a8b0-ccdd9b8807e29d49444e3b61"><ac:plain-text-body><![CDATA[ | [[W3C 2008 | AA. Bibliography#W3C 08]] | 4.4.3 Included If Validating | ]]></ac:plain-text-body></ac:structured-macro> |
...