[basex-talk] Protecting against XML vulnerabilities

13 Mar 2025


      I am trying to protect my BaseX application from XML vulnerabilities, 
like the ones described in 
[https://gist.github.com/mgeeky/4f726d3b374f0a34267d4f19c9004870] and 
[https://learn.microsoft.com/en-us/archive/msdn-magazine/2009/november/xml-de...].
My application runs as `basexhttp` inside a docker container, and I set 
the options in web.xml:
<context-param>
<param-name>org.basex.dtd</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>org.basex.xinclude</param-name>
<param-value>false</param-value>
</context-param>
I have not found other options, for example to let the parser limit 
expansion of internal entities.
Is there a way to set parser properties like 
`jdk.xml.entityExpansionLimit` in BaseX?

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[basex-talk] Protecting against XML vulnerabilities