Detect XXE Attacks from Input Text in C#
XML External Entity (XXE) attacks are a type of cyber threat that targets applications that parse XML requests. Since XML is used in most web applications, XXE attacks are a serious security vulnerability that is often overlooked. The following API can be used in C# to automatically review and detect XXE attacks from text input; this added layer of protection can help you guard against these non-standard threats.
To get things started, we will first install the .NET Framework SDK:
Install-Package Cloudmersive.APIClient.NET.Validate -Version 3.2.0
Then we will call the function by adding our user-facing text input and API key to the below code:
using Cloudmersive.APIClient.NET.Validate.Model;namespace Example
public class TextInputCheckXxeExample
public void main()
// Configure API key authorization: Apikey
Configuration.Default.AddApiKey("Apikey", "YOUR_API_KEY");var apiInstance = new TextInputApi();
var value = value_example; // string | User-facing text input.
var allowInternetUrls = true; // bool? | Optional: Set to true to allow Internet-based dependency URLs for DTDs and other XML External Entitites, set to false to block. Default is false. (optional)
var knownSafeUrls = knownSafeUrls_example; // string | Optional: Comma separated list of fully-qualified URLs that will automatically be considered safe. (optional)
var knownUnsafeUrls = knownUnsafeUrls_example; // string | Optional: Comma separated list of fully-qualified URLs that will automatically be considered unsafe. (optional)try
// Protect text input from XML External Entity (XXE) attacks
XxeDetectionResult result = apiInstance.TextInputCheckXxe(value, allowInternetUrls, knownSafeUrls, knownUnsafeUrls);
catch (Exception e)
Debug.Print("Exception when calling TextInputApi.TextInputCheckXxe: " + e.Message );
The returned response will inform you if an XXE attack is present in your input text. To retrieve your API key, simply head to the Cloudmersive website to register for a free account; this will give you access to 800 monthly calls across our library of APIs.