
XXE

XML External Entity Attack

An attack exploiting XML parsers to access local files, perform SSRF, or cause denial of service via entity expansion.

Technical details

XXE is a critical concern for information security infrastructure. The Web Crypto API (crypto.subtle) provides browser-native implementations of cryptographic algorithms including AES-GCM, RSA-OAEP, ECDSA, and the SHA family of hash functions. All operations execute in constant time to prevent timing attacks. Client-side security processing ensures sensitive data (passwords, keys, encrypted content) never leaves the user's device, a property that cannot be guaranteed by server-side alternatives.

Example

```javascript
// XXE — Web Crypto API example
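// Uses top-level await, so run it as an ES module (or inside an async function).
const data = new TextEncoder().encode('sensitive data');
// SHA-256 digest of the UTF-8 bytes; resolves to an ArrayBuffer.
const hash = await crypto.subtle.digest('SHA-256', data);
// Render the digest as a lowercase hex string.
const hex = Array.from(new Uint8Array(hash))
  .map(b => b.toString(16).padStart(2, '0')).join('');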
```
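An added example, not part of the original page: a pre-parse screen that maps the three impacts named in the definition above (local file access, SSRF, entity-expansion denial of service) to what an untrusted XML document declares in its DTD. The function name `screenXml`, the finding labels and the sample documents are assumptions constructed for illustration.

```javascript
// Added example (not from the original page): pre-parse screen for untrusted XML.
// Assumes the input is already decoded to a string. It supplements, and does not
// replace, disabling DTD and external-entity processing in the XML parser itself.

const ENTITY_DECL = /<!ENTITY\s+(?:%\s+)?\S+\s+((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
const LITERAL = /"([^"]*)"|'([^']*)'/g;
// General entity reference other than the five predefined XML entities.
const NESTED_REF = /&(?!(?:lt|gt|amp|quot|apos);)[A-Za-z_:][\w.:-]*;/;

function screenXml(xml) {
  if (!/<!DOCTYPE/i.test(xml)) return { allow: true, findings: [] };
  const findings = new Set(['doctype']);
  if (/<!DOCTYPE\s+\S+\s+(?:SYSTEM|PUBLIC)\b/i.test(xml)) findings.add('external-dtd');

  for (const [, body] of xml.matchAll(ENTITY_DECL)) {
    const literals = [...body.matchAll(LITERAL)].map(m => m[1] ?? m[2]);
    if (/^(?:SYSTEM|PUBLIC)\b/i.test(body.trim())) {
      // The last literal is the system identifier (the URI the parser would fetch).
      const uri = literals[literals.length - 1] ?? '';
      findings.add(/^(?:https?|ftp):/i.test(uri)
        ? 'external-entity:network'   // SSRF class
        : 'external-entity:local');   // local file class
    } else if (literals.some(v => NESTED_REF.test(v))) {
      findings.add('nested-entity-expansion'); // denial-of-service class
    }
  }
  // Policy (assumed): any DOCTYPE from an untrusted source is rejected;
  // the findings only say why, for logging and alerting.
  return { allow: false, findings: [...findings].sort() };
}

// Constructed sample inputs (placeholder names and URIs).
const SAMPLES = {
  plain: '<order><id>42</id></order>',
  local: '<!DOCTYPE o [<!ENTITY e SYSTEM "file:///placeholder/path">]><o>&e;</o>',
  network: '<!DOCTYPE o [<!ENTITY e SYSTEM "http://internal.example/">]><o>&e;</o>',
  nested: '<!DOCTYPE o [<!ENTITY a "x"><!ENTITY b "&a;&a;">]><o>&b;</o>',
};
```

A string screen like this is a logging and early-rejection aid; the parser configuration remains the control that decides whether entities are ever resolved.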
