Open QiAnXinCodeSafe opened 4 years ago
https://github.com/bilibili/DanmakuFlameMaster/blob/e2846461a09e33720a049f628f09c653f55531f0/Sample/src/main/java/com/sample/BiliDanmukuParser.java#L62-L65
Using XML parsers configured to neither prevent nor limit external entity resolution can expose the parser to an XML External Entities attack.
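One way to configure a SAX reader so that it rejects DTDs and never resolves external entities, as an added example that is not code from this project or from the issue author. The class and method names and both sample documents are constructed for illustration; the feature URIs are the ones recognised by the JDK's bundled parser, and on a parser that does not recognise one of them `setFeature` throws, which should be treated as a configuration failure rather than ignored.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class HardenedXmlReaderExample {
    // Constructed sample inputs (not taken from the project).
    static final String BENIGN = "<i><d p=\"1.0,1\">hello</d><d p=\"2.0,1\">world</d></i>";
    static final String WITH_DTD =
        "<!DOCTYPE i [<!ENTITY ext SYSTEM \"file:///placeholder/not-a-real-path\">]>"
        + "<i><d p=\"1.0,1\">&ext;</d></i>";

    // Hypothetical helper: every feature must be accepted, otherwise this throws.
    static XMLReader newHardenedReader() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Refuse any document that carries a DOCTYPE at all.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case DOCTYPEs are ever re-enabled.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return f.newSAXParser().getXMLReader();
    }

    // Counts <d> elements using the hardened reader.
    static int countItems(String xml) throws Exception {
        final int[] count = {0};
        XMLReader reader = newHardenedReader();
        reader.setContentHandler(new DefaultHandler() {
            @Override
            public void startElement(String uri, String local, String qName, Attributes a) {
                if ("d".equals(qName)) count[0]++;
            }
        });
        reader.parse(new InputSource(new StringReader(xml)));
        return count[0];
    }

    public static void main(String[] args) throws Exception {
        System.out.println("benign items: " + countItems(BENIGN));
        try {
            countItems(WITH_DTD);
            System.out.println("DOCTYPE accepted: parser is NOT hardened");
        } catch (SAXParseException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
    }
}
```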