Info Call to XML parsing API


Improper XML parsing could lead to several vulnerabilities which could to arbitrary file access (External XML Entities injection, XML injection) or denial of service (Billion laughs, quadratic blowup).


This entry is informative, no recommendations applicable.

Technical details

Method$PersistHistoryAsyncTask.doInBackground() calling method android.util.Xml.newSerializer()

Couldn't retrieve source code