How to Detect XML External Entity Attacks with JavaScript

If your app is parsing XML data, it could be vulnerable to XXE (XML External Entity) attacks. These sneaky attacks can allow hackers to view and retrieve sensitive files on the application server, and they can even be used to perform SSRF (Server-Side Request Forgery). With the help of our XXE Detection API, you can find out whether an XML input contains such an attack before your parser has a chance to process it, ensuring your app stays safe & sound.

Below, we’ve provided ready-to-run code examples to help you structure your API call in JavaScript. Just follow the instructions to copy & paste, ensure the necessary parameters are satisfied, and you’re good to go.

Let’s begin by installing the jQuery library. Run the following command:

bower install jquery

Now let’s include code snippets for the API call:

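var settings = {
  "url": "", // API endpoint URL (empty in the original snippet)
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json"
    // add the API key header required by the service here
  },
  // XML to scan, sent as a JSON-encoded string
  "data": JSON.stringify("<string>")
};

$.ajax(settings).done(function (response) {
  console.log(response);
});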

Just like that, you’re all done. To get your API key, head to our website and register for a free account (this will supply a limit of 800 API calls per month).
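
As an added example (not part of the original article, and not the API's own detection logic), the sketch below shows a local pre-parse screen for the same class of input: it flags external DTDs and external entity declarations in an XML string before any parser sees it. The function names, result fields and sample documents are constructed for illustration.

```javascript
// Added example: heuristic pre-parse XXE screen. All names are hypothetical.
// Pass the already-decoded XML string (decode UTF-16 and similar input first).
function screenXmlForXxe(xml) {
  // Drop comments and CDATA so markup-like text inside them is not counted.
  const text = xml
    .replace(/<!--[\s\S]*?-->/g, "")
    .replace(/<!\[CDATA\[[\s\S]*?\]\]>/g, "");

  const findings = [];
  const hasDoctype = /<!DOCTYPE\s/.test(text);

  // External DTD subset: <!DOCTYPE name SYSTEM "uri"> or PUBLIC "id" "uri">
  const extDtd = /<!DOCTYPE\s+[^\s\[>]+\s+(SYSTEM|PUBLIC)\s/.exec(text);
  if (extDtd) findings.push({ type: "external-dtd", keyword: extDtd[1] });

  // <!ENTITY [%] name SYSTEM|PUBLIC ...> declares an external entity;
  // <!ENTITY name "literal"> is internal and is not reported here.
  const entityRe = /<!ENTITY\s+(%\s+)?([^\s%]+)\s+(SYSTEM|PUBLIC)\s/g;
  let m;
  while ((m = entityRe.exec(text)) !== null) {
    findings.push({
      type: "external-entity",
      name: m[2],
      parameter: Boolean(m[1]), // true for <!ENTITY % name ...>
      keyword: m[3],
    });
  }
  return { hasDoctype, containsXxe: findings.length > 0, findings };
}

// Constructed sample documents (not from the article).
const SAMPLES = {
  clean: '<?xml version="1.0"?><order><id>42</id></order>',
  internalOnly: '<!DOCTYPE o [<!ENTITY co "Example Ltd">]><o>&co;</o>',
  externalEntity: '<!DOCTYPE o [<!ENTITY ext SYSTEM "file:///constructed/path">]><o>&ext;</o>',
  parameterEntity: '<!DOCTYPE o [<!ENTITY % ext SYSTEM "http://dtd.example.test/x.dtd"> %ext;]><o/>',
  externalDtd: '<!DOCTYPE o SYSTEM "http://dtd.example.test/o.dtd"><o/>',
  commented: '<o><!-- <!ENTITY ext SYSTEM "file:///x"> --></o>',
};

// Screen every sample and return one verdict per sample name.
function screenSamples() {
  const out = {};
  for (const [name, xml] of Object.entries(SAMPLES)) {
    out[name] = screenXmlForXxe(xml).containsXxe;
  }
  return out;
}

console.log(screenSamples());
```

A string-level screen like this complements, and does not replace, disabling DTD and external entity processing in the XML parser itself.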


