Vulnerable Code for XML Injection
- Do not modify a string after it has been validated; doing so allows an attacker to bypass the validation
- Perform any Unicode-based modification of the string before validating it, so that validation is applied properly

Secure Code for XML Injection
- The code snippet uses whitelisting to sanitize inputs
- The method strictly validates that the quantity field contains only the digits 0 to 9
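
The two points above, as an added example that is not the page's own snippet: an unchecked quantity field, a check that runs before Unicode normalization, and a whitelist applied to the final string. The element names, the price value, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re
import unicodedata
import xml.etree.ElementTree as ET

DIGITS_ONLY = re.compile(r"[0-9]+")  # allowlist: ASCII digits 0-9, nothing else

# Constructed sample inputs: extra markup in the quantity field, in plain form
# and with fullwidth angle brackets that NFKC normalization turns into < and >.
INJECTED = "1</quantity><price>1.0</price><quantity>1"
FULLWIDTH = INJECTED.replace("<", "\uff1c").replace(">", "\uff1e")

def build_item_unsafe(quantity: str) -> str:
    # Vulnerable: the field is concatenated into the document unchecked.
    return "<item><price>500.0</price><quantity>" + quantity + "</quantity></item>"

def build_item_bad_order(quantity: str) -> str:
    # Vulnerable: the string is validated, then modified by normalization,
    # so the text that reaches the document is not the text that was checked.
    if "<" in quantity or ">" in quantity:
        raise ValueError("markup characters rejected")
    return build_item_unsafe(unicodedata.normalize("NFKC", quantity))

def build_item_safe(quantity: str) -> str:
    # Normalize first, validate the final form against the allowlist,
    # and make no further changes before use.
    normalized = unicodedata.normalize("NFKC", quantity)
    if not DIGITS_ONLY.fullmatch(normalized):
        raise ValueError("quantity must contain only digits 0-9")
    return build_item_unsafe(normalized)

def prices(xml_text: str) -> list:
    # What a consumer of the document sees in its <price> elements.
    return [p.text for p in ET.fromstring(xml_text).iter("price")]

def rejected(value: str) -> bool:
    # True when the allowlist refuses the value.
    try:
        build_item_safe(value)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(prices(build_item_unsafe(INJECTED)))
    print(prices(build_item_bad_order(FULLWIDTH)))
    print(rejected(INJECTED), rejected(FULLWIDTH))
    print(build_item_safe("12"))
```
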
