Is it true (or at least makes sense) that one can have a XXE attack on Javascript? This is, when trying to parse XML with JS, does it process external entities? But this parsing is executed client side, am I right? What harm can it do to a server?
How can we prevent such attacks on Javascript XML DOM or Jquery or alike?
Thank you! Cheers
No comments:
Post a Comment