search

mdesalvo / RDFSharp

Lightweight and friendly .NET library for realizing Semantic Web applications
Apache License 2.0
121 stars 26 forks source link

XML-based parsers potentially vulnerable to XXE attacks #260

Closed mdesalvo closed 2 years ago

mdesalvo commented 2 years ago

Altough we can rely on XXE-safety of XmlTextReader in .net standard 2.0, it is a good idea to force XmlResolver = null when dealing with XmlReader/XmlDocument.