A more general mechanism for checking XML for attempted injection is to validate it using a Document Type Definition (DTD) or schema. The SAXParserFactory.setValidating(boolean validating) method specifies that the parser produced by this code will validate documents as they are parsed.

     *
     *
     * @throws IOException
     * @throws SAXException
     * @throws ParserConfigurationException
     */
    public void validate(InputSource source) throws IOException, SAXException, ParserConfigurationException

    /**
     * Uses Xerces to validate an XML document against a specified XML schema. Should be able to pass in
     * "file://d:/gda/dev/blah.xml" type of URL.
Alternatively, the attacker may be able to inject special characters, such as comment blocks and delimiters, which corrupt the meaning of the XML.

There are two levels of correctness for an XML file: well formed, described in Section 1.4 Well-formed XML documents, and valid, described in Section 1.5 Valid XML documents.

When the SAX parser is invoked it creates an instance of the class

The designers of XML intended to write a clear, concise specification of a structured document language.

When my xmlStructuredError callback is called with a validation error, the line and int2 (which is supposed to be a column?) are always zero, regardless of where the error is in the input.