
Is using a CDATA element in XML vulnerable or not?

Tags: xml, cdata

Is using a CDATA element in XML documents a vulnerability? If so, what happens if we use a CDATA element in XML documents?

Madhan asked Nov 13 '09 11:11


2 Answers

I don't know what you mean by ‘vulnerability’, but there is one mistake many people make with CDATA sections. This happens when a lazy programmer doesn't really understand text-escaping, and tries to avoid the normal process of &-encoding special characters in XML. They think they can get away with:

print "<element><![CDATA["+textstring+"]]></element>";

and whilst this will indeed stop a < or & character in textstring being treated as markup, it's not watertight because textstring might contain a ]]> sequence, resulting in:

<element><![CDATA[ Foo ]]> <bar>I'm an unexpected element!</bar> ]]></element>

This is an XML-injection, which like an HTML-injection could potentially have an XSS-like security impact.

So you'd still need to escape some sequences in CDATA (usually, you would split a ]]> sequence between two CDATA sections). In practice that makes using CDATA no easier than just &-encoding your text content the normal way. So really there is no reason ever to use a CDATA section.

bobince answered Sep 19 '22 20:09
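The answer above describes three ways to emit the text: raw concatenation into a CDATA section, splitting each ]]> across two CDATA sections, and plain &-encoding. The following is an added example, not code from the answer or the original page, that builds all three and checks with a parser whether the text comes back as one childless element. Python stands in for the answer's unspecified language, and the function names and SAMPLE string are made up for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample input, modelled on the ]]> case in the answer above.
SAMPLE = " Foo ]]> <bar>I'm an unexpected element!</bar> "


def wrap_naive(text):
    """The pattern from the answer: raw concatenation into one CDATA section."""
    return "<element><![CDATA[" + text + "]]></element>"


def wrap_cdata_split(text):
    """Split every ]]> so that ']]' ends one section and '>' starts the next."""
    body = text.replace("]]>", "]]]]><![CDATA[>")
    return "<element><![CDATA[" + body + "]]></element>"


def wrap_escaped(text):
    """Ordinary &-encoding of &, < and >, with no CDATA section at all."""
    return "<element>" + escape(text) + "</element>"


def round_trips(document, text):
    """True only if document parses to a single childless element holding text."""
    try:
        root = ET.fromstring(document)
    except ET.ParseError:
        return False  # the inserted text broke well-formedness
    # Any child element means part of the text was parsed as markup.
    return len(root) == 0 and (root.text or "") == text


if __name__ == "__main__":
    for wrap in (wrap_naive, wrap_cdata_split, wrap_escaped):
        print(wrap.__name__, round_trips(wrap(SAMPLE), SAMPLE))
```

Running the same round-trip check over whatever serializer a code base actually uses is a quick regression test for this class of bug.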


A CDATA section is simply another way of representing character data within an XML document. It means exactly the same thing as any other (non-tag) text in a document, except that it's escaped differently.

There is no extra "vulnerability" associated with CDATA (except for bugs in your XML parsing library, of course).

Greg Hewgill answered Sep 20 '22 20:09