XML External Entities (XXE)
The API format is based on the Operational Data Model (ODM), a representation of clinical data created by the Clinical Data Interchange Standards Consortium (CDISC). The XML format that the Oracle InForm application accepts is called Oracle InForm ODM because it has Oracle InForm-specific extensions to the base ODM XML schema.
The Clinical Data API has been tested to verify that the XML upload functionality uses XSD validation to validate incoming XML before it can be submitted to the Oracle InForm application.
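The following added example (not Oracle's code, and not part of the original page) shows one way to perform XSD validation of an upload with the Java JAXP validation API while also refusing external DTD, entity, and schema access, since schema validation checks document structure and the parser settings are what block external entity resolution. The class name, the simplified schema, and the sample documents are constructed for illustration and are not the Oracle InForm ODM schema.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;

public class OdmUploadValidator {
    // Constructed, heavily simplified stand-in for an ODM schema (assumption, not the real XSD).
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='ODM'><xs:complexType><xs:sequence>"
      + "<xs:element name='ClinicalData' maxOccurs='unbounded'><xs:complexType>"
      + "<xs:simpleContent><xs:extension base='xs:string'>"
      + "<xs:attribute name='StudyOID' type='xs:string' use='required'/>"
      + "</xs:extension></xs:simpleContent>"
      + "</xs:complexType></xs:element>"
      + "</xs:sequence></xs:complexType></xs:element></xs:schema>";

    // Build a validator that may not fetch any external DTD, entity, or schema.
    static Validator newValidator() throws Exception {
        SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");     // no protocols allowed
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        Schema schema = sf.newSchema(new StreamSource(new StringReader(XSD)));
        Validator v = schema.newValidator();
        v.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        v.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return v;
    }

    // Returns true only if the upload is schema-valid and needed no external access.
    static boolean accept(String xml) {
        try {
            newValidator().validate(new StreamSource(new StringReader(xml)));
            return true;
        } catch (Exception e) { // schema violation or blocked external reference
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample uploads.
        String valid = "<ODM><ClinicalData StudyOID='S1'>ok</ClinicalData></ODM>";
        String wrongShape = "<ODM><Unexpected/></ODM>";
        String externalEntity =
            "<!DOCTYPE ODM [<!ENTITY ext SYSTEM 'file:///constructed/placeholder.txt'>]>"
          + "<ODM><ClinicalData StudyOID='S1'>&ext;</ClinicalData></ODM>";
        System.out.println(accept(valid) + " " + accept(wrongShape) + " " + accept(externalEntity));
    }
}
```

In a real service the compiled `Schema` would be built once and reused, with a new `Validator` per request because `Validator` instances are not thread-safe.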