...
- Operating system command interpreter (see IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method)
- A data repository with a SQL-compliant interface (see IDS00-J. Prevent SQL Injection)
- XML parser (see IDS16-J. Prevent XML Injection and IDS17-J. XML External Entity Attacks)
- XPath evaluators
- Lightweight Directory Access Protocol (LDAP) directory service
- Script engines
- Regular expression (regex) compilersengines (see IDS08-J. Sanitize untrusted data included in a regular expression)