Once upon a time, Job Snijders <[email protected]> said:
> If I worked at Juniper/HPE ... I'd use something like strnvis() to
> sanitize the (untrusted) network input contained within a Shutdown
> Communication. See the documentation here https://man.openbsd.org/vis.3

JUNOS already contains some XML encoding code, since essentially day 1
(since they were emitting XML from the backend)... but this makes it
look like the NETCONF code isn't using it. This could be a security
issue - what if somebody sends '</whatever><then-more-XML>...' in a
message?

--
Chris Adams <[email protected]>
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/SHHBCOT6W6TACBKXQ62CTRDZRZPLONMB/
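
The encoding step this message is asking about, as an added example that is not part of the original post and is not Juniper's or OpenBSD's code: a C routine that turns an untrusted Shutdown Communication into XML 1.0 character data, so markup in the message cannot close or open elements in the surrounding document. The names `xml_escape` and `utf8_len` and the choice of `?` as the replacement for forbidden bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Length of the well-formed UTF-8 sequence at s (n bytes remain), or 0.
 * Rejects overlong forms, surrogates, U+FFFE/U+FFFF and values > U+10FFFF. */
static size_t utf8_len(const unsigned char *s, size_t n)
{
    size_t len, i;
    if (s[0] >= 0xC2 && s[0] <= 0xDF) len = 2;
    else if ((s[0] & 0xF0) == 0xE0) len = 3;
    else if (s[0] >= 0xF0 && s[0] <= 0xF4) len = 4;
    else return 0;                      /* stray continuation or bad lead */
    if (len > n) return 0;              /* truncated sequence */
    for (i = 1; i < len; i++)
        if ((s[i] & 0xC0) != 0x80) return 0;
    if ((s[0] == 0xE0 && s[1] < 0xA0) || (s[0] == 0xF0 && s[1] < 0x90)) return 0;
    if ((s[0] == 0xED && s[1] > 0x9F) || (s[0] == 0xF4 && s[1] > 0x8F)) return 0;
    if (s[0] == 0xEF && s[1] == 0xBF && s[2] >= 0xBE) return 0;
    return len;
}

/* Encode len untrusted bytes from src as XML 1.0 character data in dst.
 * Returns the encoded length, or (size_t)-1 if dst (cap bytes) is too small. */
size_t xml_escape(char *dst, size_t cap, const unsigned char *src, size_t len)
{
    size_t i = 0, o = 0;
    if (cap == 0) return (size_t)-1;
    while (i < len) {
        const char *rep = NULL;         /* replacement text, if any */
        size_t n = 1, w;                /* input bytes consumed, output bytes */
        unsigned char c = src[i];
        if (c == '&') rep = "&amp;";
        else if (c == '<') rep = "&lt;";
        else if (c == '>') rep = "&gt;";
        else if (c == '"') rep = "&quot;";
        else if (c == '\'') rep = "&apos;";
        else if (c < 0x20 && c != '\t' && c != '\n' && c != '\r') rep = "?";
        else if (c >= 0x80 && (n = utf8_len(src + i, len - i)) == 0) {
            rep = "?";                  /* malformed UTF-8: replace one byte */
            n = 1;
        }
        w = rep ? strlen(rep) : n;
        if (o + w >= cap) return (size_t)-1;   /* keep room for the NUL */
        memcpy(dst + o, rep ? rep : (const char *)(src + i), w);
        o += w; i += n;
    }
    dst[o] = '\0';
    return o;
}
```

Control characters are replaced rather than emitted as numeric character references because XML 1.0 forbids them in either form.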
