
I'm using the simplexml framework on Android, and it parses XML internally with xmlpullparser. Are there any capabilities to enable XML validation to prevent XXE attacks, or any settings for this?

Thanks!

aim
  • @Terel `simplexml` internally uses `xmlpullparser` on Android (see it in `org.simpleframework.xml.stream.ProviderFactory#getInstance`) for parsing. But pullparser doesn't support external entity resolution at all, so XXE attacks can't be applied in this case. Please correct me if I'm wrong. – aim Mar 19 '14 at 21:49
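One way to check the behaviour discussed in the comment above on your own device or emulator, as an added example that is not part of the original thread. The class name `PullParserXxeCheck`, the sample document and its placeholder path are constructed for illustration; only the standard `org.xmlpull.v1` API is used.

```java
import java.io.StringReader;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import org.xmlpull.v1.XmlPullParserFactory;

public class PullParserXxeCheck {
    // Constructed sample: a DOCTYPE that declares an external entity and a body
    // that references it. The path is a placeholder and does not need to exist.
    static final String SAMPLE =
          "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE note [ <!ENTITY ext SYSTEM \"file:///constructed/placeholder.txt\"> ]>\n"
        + "<note>&ext;</note>";

    /** Returns true when the parser yields no text for the external entity reference. */
    static boolean externalEntityIgnored(String xml) throws Exception {
        XmlPullParser parser = XmlPullParserFactory.newInstance().newPullParser();

        // Check the DOCTYPE-processing feature instead of assuming its default.
        if (parser.getFeature(XmlPullParser.FEATURE_PROCESS_DOCDECL)) {
            return false; // declarations would be processed: review the parser setup
        }

        parser.setInput(new StringReader(xml));
        StringBuilder text = new StringBuilder();
        try {
            for (int ev = parser.getEventType();
                 ev != XmlPullParser.END_DOCUMENT;
                 ev = parser.next()) {
                if (ev == XmlPullParser.TEXT && parser.getText() != null) {
                    text.append(parser.getText());
                }
            }
        } catch (XmlPullParserException e) {
            // The reference was rejected as unresolved, so nothing was expanded.
            return true;
        }
        // No exception: the element must not carry any expanded content.
        return text.toString().trim().isEmpty();
    }
}
```

Call `PullParserXxeCheck.externalEntityIgnored(PullParserXxeCheck.SAMPLE)` from an instrumented test and assert that it returns `true`; a `false` result means the parser in use needs a closer look before it handles untrusted XML.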

0 Answers