...
A more general mechanism for checking XML for attempted injection is to validate it using a DTD or schema. The schema must be rigidly defined to prevent injections from being mistaken for valid XML. Here is a suitable schema for validating our XML snippet:
| Code Block | ||
|---|---|---|
| ||
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="item">
<xs:complexType>
<xs:sequence>
<xs:element name="description" type="xs:string"/>
<xs:element name="price" type="xs:decimal"/>
<xs:element name="quantity" type="xs:integer"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
|
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="311ab0d59ef6bcdb-3de0cdeb-49834853-a1dba6f5-93b6ce37f5c8a371807a5145"><ac:plain-text-body><![CDATA[ | [[OWASP 2005 | AA. Bibliography#OWASP 05]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1eeae74897538095-38d341f6-48884c1c-a1f19847-b9e3c9c12cb5ecf80ca04f09"><ac:plain-text-body><![CDATA[ | [[OWASP 2007 | AA. Bibliography#OWASP 07]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9249c4e7013194c0-3183e75e-45e64890-a2ad868f-c143ad74437f3d27a70f0150"><ac:plain-text-body><![CDATA[ | [[OWASP 2008 | AA. Bibliography#OWASP 08]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a56186a4c8cc4e20-6a13e7ab-41524dc4-b71ba1c2-b9495a9260c4496a08ddd759"><ac:plain-text-body><![CDATA[ | [[W3C 2008 | AA. Bibliography#W3C 08]] | 4.4.3 Included If Validating | ]]></ac:plain-text-body></ac:structured-macro> |
...