If I paste XML into the body of a request and make the request, the information is correctly transferred as raw XML, but the display in the REQUEST button does not have the tags escaped, so the xml tags are missing and all I see on the page is the XML content strung together. I would think that means I could end up with my own XSS (although I would be doing that to myself!).
If I paste XML into the body of a request and make the request, the information is correctly transferred as raw XML, but the display in the REQUEST button does not have the tags escaped, so the xml tags are missing and all I see on the page is the XML content strung together. I would think that means I could end up with my own XSS (although I would be doing that to myself!).