
Fortify reports XML injection possibility

description

Hi!

We started using Fortify to scan our builds and the following "critical issue" came up:

XML Injection (Input Validation and Representation, Data flow)
On line 1612 of HtmlNode.cs, the method WriteTo() writes XML unvalidated input. This call could allow an attacker to inject arbitrary elements or attributes into the XML document.

If necessary I can also provide the analysis traces, but they are hard to export :/
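
The class of finding described in the report, as an added C# example that is not part of the original post and is not HtmlAgilityPack's code: the same value is written once as raw markup and once through the writer's escaping API, then both results are parsed to see whether the value changed the document structure. The element names, the sample value and the use of `WriteRaw` as the flagged sink are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Xml;
using System.Xml.Linq;

static class XmlInjectionDemo
{
    // Constructed sample input: closes its own element and opens a sibling.
    const string Untrusted = "guest</name><role>admin</role><name>x";

    // Writes <user><name>VALUE</name></user>.
    // escape == false models the flagged pattern (value emitted as markup);
    // escape == true lets XmlWriter encode '<', '>' and '&' as character data.
    static string WriteUser(string value, bool escape)
    {
        var sink = new StringWriter();
        var settings = new XmlWriterSettings { OmitXmlDeclaration = true };
        using (var writer = XmlWriter.Create(sink, settings))
        {
            writer.WriteStartElement("user");
            writer.WriteStartElement("name");
            if (escape)
                writer.WriteString(value);   // data stays data
            else
                writer.WriteRaw(value);      // data becomes markup
            writer.WriteEndElement();
            writer.WriteEndElement();
        }
        return sink.ToString();
    }

    // Structural check a reviewer can use when triaging the finding:
    // did the input add elements that the code never wrote itself?
    static int CountRoleElements(string xml) =>
        XDocument.Parse(xml).Descendants("role").Count();

    static void Main()
    {
        foreach (var escape in new[] { false, true })
        {
            string xml = WriteUser(Untrusted, escape);
            Console.WriteLine($"escape={escape}: {xml}");
            Console.WriteLine($"  injected <role> elements: {CountRoleElements(xml)}");
        }
    }
}
```

When triaging a data-flow finding like this one, the question to answer from the trace is whether attacker-influenced input reaches a raw-write sink or only escaping calls such as `WriteString` and `WriteAttributeString`.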
