...
This noncompliant code example uses a user generated string xmlString. The string is required to , which will be parsed by an XML parser. (See ; see guideline IDS08-J. Prevent XML Injection. ) The description node is a String, as defined by the XML schema. Consequently, it accepts all valid characters including CDATA tags.
...