Atul Joshi

Reputation: 1

Nodejs libxml parsing XML Entity processing against default Behaviour

I have very simple Node.js code parsing XML, as below:

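```javascript
const libxml = require('libxmljs');

// XML input whose DOCTYPE declares the entity "example" with the literal value "Doe"
const xmlFile = `<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
 <userInfo>
  <firstName>John</firstName>
  <lastName>&example;</lastName>
 </userInfo>`;

// Parse without passing any options (no noent: true)
const xmlDoc = libxml.parseXml(xmlFile);

// Read the text content of <lastName>
const lastname = xmlDoc.get('//lastName').text();
console.log('lastname -->', lastname);
```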

Even after EXCLUDING the `noent: true` option, the libxml parser is still parsing the entity `example`, and `lastname ->Doe` is shown as output.

As per my analysis and research, if the `noent: true` option is not present, the default behaviour is that libxml will not parse the external entity.

But that is not happening right now.

Am I missing anything here?

I am expecting the output to be empty. I read some articles and did some analysis, like the one below:

https://knowledge-base.secureflag.com/vulnerabilities/xml_injection/xml_entity_expansion_nodejs.html

Upvotes: 0

Views: 13
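
The `example` entity in the question's document is declared with a quoted literal value, which makes it an internal entity; an external entity is declared with `SYSTEM` or `PUBLIC`. The added example below (not part of the original post; `classifyEntities` and `screenXml` are hypothetical names and `placeholder.ent` is a constructed value) classifies the declarations in a DOCTYPE and applies a pre-parse screen in plain JavaScript, without libxmljs.

```javascript
// Added example (not from the original post). Function names are hypothetical.
// Regex screen for UTF-8 text input; it is not a full XML parser.

// Constructed sample 1: the document from the question.
const questionDoc = `<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
 <userInfo>
  <firstName>John</firstName>
  <lastName>&example;</lastName>
 </userInfo>`;

// Constructed sample 2: same shape, entity declared with a SYSTEM identifier.
const externalDoc = `<!DOCTYPE replace [<!ENTITY example SYSTEM "placeholder.ent"> ]>
 <userInfo><lastName>&example;</lastName></userInfo>`;

const ENTITY_DECL = /<!ENTITY\s+(%\s+)?([^\s"'>]+)\s+(SYSTEM\b|PUBLIC\b|["'])/g;
const EXTERNAL_SUBSET = /<!DOCTYPE\s+[^\s\[>]+\s+(SYSTEM|PUBLIC)\b/;

// Internal entities carry a quoted literal value; external ones carry
// SYSTEM or PUBLIC followed by an identifier the parser may have to fetch.
function classifyEntities(xml) {
  return Array.from(xml.matchAll(ENTITY_DECL), (m) => ({
    name: m[2],
    parameter: Boolean(m[1]),
    kind: m[3] === 'SYSTEM' || m[3] === 'PUBLIC' ? 'external' : 'internal',
  }));
}

// Pre-parse gate. Default policy: reject any DOCTYPE. The opt-in accepts a
// DTD only when every declared entity is an internal general entity.
function screenXml(xml, { allowInternalEntities = false } = {}) {
  if (!/<!DOCTYPE/.test(xml)) return { accept: true, reason: 'no DOCTYPE' };
  if (EXTERNAL_SUBSET.test(xml)) return { accept: false, reason: 'external DTD subset' };
  const risky = classifyEntities(xml).filter((e) => e.kind === 'external' || e.parameter);
  if (risky.length > 0) {
    const names = risky.map((e) => e.name).join(', ');
    return { accept: false, reason: 'external or parameter entity: ' + names };
  }
  if (!allowInternalEntities) return { accept: false, reason: 'DOCTYPE present' };
  return { accept: true, reason: 'internal entities only' };
}

for (const [label, doc] of [['question', questionDoc], ['external', externalDoc]]) {
  console.log(label, classifyEntities(doc), screenXml(doc, { allowInternalEntities: true }));
}
```

Internal entities can still be nested to inflate the parsed document, which is why the default policy here rejects any DOCTYPE.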

Answers (0)
