A simple, lightweight XML Parser Implementation written purely in CFML.
This parser purposely does not implement features such as external entities, remote schemas, and DTDs, to mitigate the security risks related to parsing untrusted XML.
sxp = new SafeXmlParse();
xml = "<dad name='pete'><child/></dad>";
xmlObject = sxp.parse(xml);
writeOutput( xmlObject.XmlRoot.XmlAttributes.name ); // pete
You can specify the following options in the options struct argument of the
Here are the supported options:
nestingLimit - The number of nested tags allowed. This value can be specified to prevent Coercive Parsing attacks. Default Value:
tagLimit - The maximum number of tags allowed in the XML document. This value can be specified to prevent Coercive Parsing attacks. Default Value:
Throws exceptions with the following type specified in the
safexmlparse.invalidxml - Thrown if it encounters invalid XML, unclosed tags, etc.
safexmlparse.nestinglimit - Thrown if the XML has reached the configured
safexmlparse.taglimit - Thrown if the XML has more tags than the configured
safexmlparse.doctype - Thrown if the XML has a
safexmlparse.entity - Thrown if the XML has a
safexmlparse.element - Thrown if the XML has a
The exception message will be generic, such as "Invalid XML" or "Unsupported XML", and the detail of the exception will contain more technical details intended for the developer.
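The following added example (not part of the SafeXmlParse package) shows one way to wrap the parser for untrusted input: it sets both limits, logs the technical detail, and returns only the generic message to the caller. The function name parseUntrustedXml, the limit values, the log file name, and passing options as the second argument of parse() are assumptions.

```cfml
// Added example: hypothetical wrapper, not code from the package.
function parseUntrustedXml( required string xml ) {
    var sxp = new SafeXmlParse();
    // Constructed limits for illustration; tune them to your largest legitimate document.
    var limits = { nestingLimit: 20, tagLimit: 500 };
    try {
        // Assumption: the options struct is the second argument of parse().
        return { ok: true, doc: sxp.parse( arguments.xml, limits ), error: "" };
    } catch ( any e ) {
        // Handle only the parser's documented exception types; let everything else propagate.
        if ( listFirst( e.type, "." ) != "safexmlparse" ) {
            rethrow;
        }
        // Limit violations may indicate a Coercive Parsing attempt, so log them at a higher severity.
        var limitTypes = "safexmlparse.nestinglimit,safexmlparse.taglimit";
        var severity = listFindNoCase( limitTypes, e.type ) ? "warning" : "information";
        // The detail may echo attacker-supplied text: collapse line breaks before logging.
        var detail = reReplace( e.detail, "[\r\n]+", " ", "all" );
        writeLog( text = "#e.type#: #detail#", type = severity, file = "safexmlparse" );
        // Return only the generic message; the detail stays in the log.
        return { ok: false, doc: "", error: e.message };
    }
}

result = parseUntrustedXml( "<dad name='pete'><child/></dad>" );
if ( result.ok ) {
    writeOutput( result.doc.XmlRoot.XmlAttributes.name ); // pete
} else {
    writeOutput( encodeForHTML( result.error ) );
}
```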
References: OWASP XML Security CheatSheet