domparser

Consider preventing XXE vulnerability

Open peter279k opened this issue 4 years ago • 0 comments

As title, I think it should use the libxml_disable_entity_loader to prevent this vulnerability when the libxml version is lower than 2.9.

Some useful references are as follows:

  • https://www.php.net/manual/en/function.libxml-disable-entity-loader.php
  • https://github.com/symfony/dom-crawler/blob/5.x/Crawler.php#L232

peter279k, Mar 10 '21 03:03
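
The version-guarded pattern the issue asks for, as an added example that is not domparser's code and not part of the original issue. The helper name `loadXmlSafely` and the sample document are constructed for illustration.

```php
<?php
/**
 * Hypothetical helper: parse untrusted XML without resolving external entities.
 * libxml2 >= 2.9.0 no longer loads external entities by default, so the
 * process-wide switch is only flipped on older builds. On PHP 8.0+ the
 * function is deprecated and libxml >= 2.9.0 is required, so the guard
 * also keeps the deprecated call from ever running there.
 */
function loadXmlSafely(string $xml): DOMDocument
{
    if ($xml === '') {
        throw new InvalidArgumentException('Empty XML input');
    }

    $previousErrors = libxml_use_internal_errors(true);
    $legacy = LIBXML_VERSION < 20900;
    if ($legacy) {
        // Returns the previous setting so it can be restored afterwards.
        $previousLoader = libxml_disable_entity_loader(true);
    }

    try {
        $dom = new DOMDocument();
        // LIBXML_NONET forbids network access during parsing.
        // LIBXML_NOENT is deliberately not passed: it turns entity substitution on.
        if (!$dom->loadXML($xml, LIBXML_NONET)) {
            throw new RuntimeException('Malformed XML');
        }
        return $dom;
    } finally {
        // Restore global libxml state so other code in the process is unaffected.
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrors);
        if ($legacy) {
            libxml_disable_entity_loader($previousLoader);
        }
    }
}

// Constructed sample: a document declaring an external entity (placeholder path).
$sample = <<<XML
<?xml version="1.0"?>
<!DOCTYPE r [<!ENTITY ext SYSTEM "file:///tmp/constructed-placeholder.txt">]>
<r>&ext;</r>
XML;

// Serialize the root element to inspect whether the reference was left unexpanded.
echo loadXmlSafely($sample)->saveXML(), PHP_EOL;
```

`libxml_disable_entity_loader()` changes a process-wide setting, which is why the previous value is restored in `finally` rather than left disabled.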