
Some JavaScript frameworks or libraries use the DOMParser API to parse XML files from the client.

Is it safe to do this? Malicious code can easily be embedded into the XML file (in either the definition of nodes or their attributes). Does DOMParser prevent/filter malicious scripts in any way?

In case I want to use DOMParser myself, what do I need to do to prevent attacks through malicious scripts?

EdOverflow
Wilt
  • I'm not a DOMParser expert, but by looking at [these answers](https://security.stackexchange.com/questions/50970/is-it-safe-to-use-createhtmldocument-to-sanitize-html/50975) it seems to be safe – Neil Smithline May 20 '16 at 02:05

0 Answers
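An added example, not part of the original question or comment: a document returned by `DOMParser.parseFromString` is inert, so the exposure begins when its nodes or attribute values are placed into the live page. One way to guard that step is an allowlist check over the parsed tree. The `<catalog>` schema, the `ALLOWED` policy, and the names `findViolations` and `parseUntrustedXml` are assumptions made for illustration.

```javascript
// Added example: allowlist validation of XML parsed with DOMParser.
// ALLOWED describes a constructed <catalog> format (hypothetical schema).
const ALLOWED = new Map([
  ["catalog", []],
  ["item", ["id", "href"]],
  ["title", []],
]);
const SAFE_URL = /^(https?|mailto):/i; // absolute URLs only; relative ones are rejected

// Walk an Element tree and return every policy violation found.
// An empty array means all elements and attributes are on the allowlist.
function findViolations(el, path = "") {
  const here = `${path}/${el.localName}`;
  const allowedAttrs = ALLOWED.get(el.localName);
  // Unknown names and namespaced elements (XHTML <script>, SVG, ...) are refused.
  if (!allowedAttrs || el.namespaceURI) return [`${here}: element not allowed`];
  const out = [];
  for (const { name, value } of Array.from(el.attributes)) {
    if (!allowedAttrs.includes(name)) {
      out.push(`${here}@${name}: attribute not allowed`);
    } else if (name === "href" && !SAFE_URL.test(value.trim())) {
      out.push(`${here}@href: URL scheme not allowed`);
    }
  }
  for (const child of Array.from(el.children)) {
    out.push(...findViolations(child, here));
  }
  return out;
}

// Browser entry point: parse, fail closed on malformed input, then validate.
function parseUntrustedXml(xml) {
  const doc = new DOMParser().parseFromString(xml, "application/xml");
  if (doc.getElementsByTagName("parsererror").length > 0) {
    throw new Error("malformed XML");
  }
  const violations = findViolations(doc.documentElement);
  if (violations.length > 0) throw new Error(violations.join("; "));
  return doc; // render values via textContent, never innerHTML
}

// Constructed sample; runs only where DOMParser exists (a browser).
if (typeof DOMParser !== "undefined") {
  const sample = '<catalog><item id="1" href="https://example.com/a"><title>A</title></item></catalog>';
  console.log(parseUntrustedXml(sample).documentElement.localName);
}
```

The check fails closed: anything not named in the policy, including `xmlns` declarations and event-handler attributes, is reported rather than silently dropped.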