Is .NET XmlSerializer.Deserialize(TextReader) safe?
Is the .NET method XmlSerializer.Deserialize(TextReader) safe from XML vulnerabilities (XXE, XmlBomb etc..)? Will the DTD be processed during deserialization?
I can understand why XmlSerializer.Deserialize(XmlTextReader) can… Continue reading Is .NET XmlSerializer.Deserialize(TextReader) safe?