Monday, May 28, 2018

Re: XML External Entity (XXE) Vulnerability

On Monday, May 28, 2018 at 1:34:59 PM UTC+2, Deepak Antil wrote:
Is GWT prone to XXE vulnerability by default, or does it require any specific configuration for that?

TL;DR: No.
XML Prevention Sheet talking about settings for common XML parsers.

Not sure what is internally configured in GWT's internally used XML parsers.

GWT will (AFAIK) load and process XXEs of *.gwt.xml files when you compile, test or debug your code; but *.gwt.xml files will either be written by yourself/your team, or come from external dependencies, so you have to be just as careful as with any external code that you'll run on your machine.* or* defer to native browser APIs, so they're only vulnerable if your browser is vulnerable.
GWT does not make use of XML in its server-side code (for RPC or RequestFactory) and does not otherwise provide any XML parsing facility itself that would be vulnerable.
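
An added example, not part of the original thread or of GWT: one way to review third-party `*.gwt.xml` module files before compiling is to list any entity declarations they carry. The function names and the in-memory sample jar are constructed for illustration.

```python
import io
import re
import zipfile

# <!ENTITY name ...> or <!ENTITY % name ...>; SYSTEM/PUBLIC marks an external one.
# XML keywords are case-sensitive. Declarations inside comments are reported
# too: over-reporting is acceptable for a review aid.
ENTITY_DECL = re.compile(r'<!ENTITY\s+(%\s+)?([^\s%]+)\s+(SYSTEM|PUBLIC)?')

def decode_xml(data: bytes) -> str:
    """Decode UTF-16 (BOM) or fall back to UTF-8 so the regex sees text."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", "replace")
    return data.decode("utf-8", "replace")

def scan_module_xml(data: bytes):
    """Return [(entity_name, kind)] for each entity declared in a module file."""
    findings = []
    for pct, name, ext in ENTITY_DECL.findall(decode_xml(data)):
        kind = ("parameter-" if pct else "") + ("external" if ext else "internal")
        findings.append((name, kind))
    return findings

def scan_jar(jar):
    """Map each *.gwt.xml entry in a jar (path or file object) to its findings."""
    report = {}
    with zipfile.ZipFile(jar) as zf:
        for entry in zf.namelist():
            if entry.endswith(".gwt.xml"):
                found = scan_module_xml(zf.read(entry))
                if found:
                    report[entry] = found
    return report

def build_sample_jar() -> io.BytesIO:
    """Constructed sample: one clean module, one declaring entities."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("com/example/Clean.gwt.xml",
                    '<module><inherits name="com.google.gwt.user.User"/></module>')
        zf.writestr("com/example/Odd.gwt.xml",
                    '<!DOCTYPE module [<!ENTITY ext SYSTEM "file:///placeholder">'
                    '<!ENTITY % p "x">]><module>&ext;</module>')
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(scan_jar(build_sample_jar()))
```

Passing a real jar path to `scan_jar` works the same way; an empty result means no module file in that jar declares an entity.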

