Lauritz

Results 6 issues of Lauritz

**Attention**: The `XmlFullSignature` operation is vulnerable to XXE. This has the following implications: 1) Depending on your use case of *CSTC*, you are directly vulnerable to this attack. E.g. if...

Disable external Entities (https://github.com/usdAG/cstc/issues/69).

It would be great if `jwt_tool` would support encrypted JWT variants as described in https://datatracker.ietf.org/doc/html/rfc7519#appendix-A. At the very least, it would be great if the JOSE header would be parsed...

* Parse provided fragment
* Scan "query parameters" of fragment if present

enhancement

There are further methods that should be investigated and, if suitable, added to the "-g" feature flag. Example: https://twitter.com/bemodtwz/status/1634264844013543451?

enhancement

In [Section 5.2.1.1.](https://github.com/aaronpk/oauth-v2-1/blob/main/draft-ietf-oauth-v2-1.md#authorization-request-header-field) the syntax of `access_token` values that are used in the context of HTTP headers is explicitly outlined as follows:

```
b64token = 1*( ALPHA / DIGIT /...
```