+49 228 5552576-0


info@predic8.com

xmlProtection

Description

Prohibits XML documents to be passed through that look like XML attacks on older parsers. Too many attributes, too long element names are such indications. DTD definitions will simply be removed.

Can be used in

spring:beans, if, proxy, registration, request, response, serviceProxy, soapProxy, stompProxy, swaggerProxy and transport

Syntax

				<xmlProtection removeDTD="boolean"
					maxElementNameLength="integer" maxAttibuteCount="integer" />
			
Listing 1: xmlProtection Syntax

Sample

				<beans>
					<transport coreThreadPoolSize="20">
						<ruleMatching />
						<dispatching />
						<userFeature />
			
						<xmlProtection />
			
						<httpClient />
					</transport>
				</beans>
			
Listing 2: xmlProtection Example

Attributes

Name Required Default Description Example
maxAttibuteCount false 1000 If an incoming request exceeds this limit, it will be discarded.
maxElementNameLength false 1000 If an incoming request exceeds this limit, it will be discarded.
removeDTD false true Whether to remove the DTD from incoming requests.

Copyright © 2008-2017 predic8 GmbH
Koblenzerstr. 65, 53173 Bonn, Tel. +49 (228) 555 25 76-0