Skip to main content

Remediation Steps

Follow the steps below to remediate this finding on Drupal.

  1. Ensure custom Drupal modules that process XML use secure XML parsing:

    libxml_disable_entity_loader(true);

  2. Use Drupal's provided XML utilities and never pass unsanitised user data into XSLT transformations.

Back to top