XXE vulnerabilities in Javascript



Is it true (or at least makes sense) that one can have a XXE attack on Javascript? This is, when trying to parse XML with JS, does it process external entities? But this parsing is executed client side, am I right? What harm can it do to a server?


How can we prevent such attacks on Javascript XML DOM or Jquery or alike?


Thank you! Cheers


No comments:

Post a Comment