XML injection

The Clinical Data API guards against XML injection by using standard XML processing components to construct its XML documents. Oracle recommends that client code also use standard XML processing components to ensure that data is properly encoded. If XML is constructed manually, the developer needs to ensure that any untrusted data is properly encoded to prevent XML injection. As a best practice, developers must validate the XML against the XML schema provided by the Clinical Data API, as the Clinical Data API itself does, to ensure that the constraints on data type and length are met.
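The difference between manual construction and a standard XML component, as an added example that is not Oracle's code: the same untrusted value is placed in a document three ways, and the result is parsed the way a receiver would parse it. The element names `Item`, `Value` and `Status` and the input string are constructed for illustration and are not taken from the Clinical Data API schema.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed untrusted input: a field value that carries markup of its own.
UNTRUSTED = "120</Value><Status>Verified</Status><Value>x"


def build_by_concatenation(value: str) -> str:
    """Unsafe: untrusted text is pasted into the markup unencoded."""
    return "<Item><Value>" + value + "</Value></Item>"


def build_with_library(value: str) -> str:
    """Safe: the XML component encodes the text when it serializes."""
    item = ET.Element("Item")  # hypothetical element names
    ET.SubElement(item, "Value").text = value
    return ET.tostring(item, encoding="unicode")


def build_manually_encoded(value: str) -> str:
    """Manual construction that explicitly encodes &, < and > in the data."""
    return "<Item><Value>" + escape(value) + "</Value></Item>"


def child_tags(document: str) -> list:
    """Element names the receiving parser sees directly under the root."""
    return [child.tag for child in ET.fromstring(document)]


def first_value(document: str) -> str:
    """Text content of the first Value element as the receiver reads it."""
    return ET.fromstring(document).findtext("Value")


if __name__ == "__main__":
    builders = (build_by_concatenation, build_with_library, build_manually_encoded)
    for build in builders:
        doc = build(UNTRUSTED)
        print(f"{build.__name__}: children={child_tags(doc)} "
              f"value={first_value(doc)!r}")
```

Only the concatenated document changes structure: the receiver sees an extra `Status` element that the client never intended to send, while the other two deliver the input unchanged as the text of a single `Value` element. Schema validation is not shown because Python's standard library has no XSD validator.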
