Are JAX-RPC and Axis2 protected against XML Injection?

. They are build on standard Java APIs like JAXP which have been around for a long time, and escape any dangerous characters & etc automatically.

. They are build on standard Java APIs like JAXP which have been around for a long time, and escape any dangerous characters That doesn't mean you don't have to be careful you don't introduce injection vulnerabilities when using these technologies in your own application. For example, it still seems difficult to parameterized XPath queries safely in Java.

Thank you for the answer, during serialization I'm sure they perform escaping. But during de-serializaton there is not much left to do. If I have a server, and my client is not using any of those tools - it will leave room for anyone to manipulate the XML before it reaches me.It will leave me still vulnerable.

– RonK Jun 28 at 11:15 I'm not sure we're using the same definition of XML injection. Perhaps you could update your question with precisely what you mean? – artbristol Jun 28 at 11:18.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.