XML Exam I10-003 Topic 6 Question 56 Discussion

Actual exam question for XML's I10-003 exam

Question #: 56
Topic #: 6

A certain Web application displays user information according to user input via Web browser. The XML data managing user information is as shown in [example xm I] referenced in a separate window.

At this time, the Web application completes the [XQuery] by replacing (1) and (2) with the user input character string, and executes the query.

No character escapes (e.g. convert "<" to "<") are performed for character string input by the user.

Select the query execution result when the user input character string is as follows:

(1) "]/fn:root(),()/a[a="

(2) OK

A<result/>

B<result>
<example>
<data>
<userid>id1</userid>
pass1
<name>name1</name>

add1

</data>
<data>
<userid>id2</userid>
pass2
<name>name2</name>

add2

</data>
</example>
</result>

C<result>
<example>
<data>
<userid>id1</userid>
pass1
<name>name1</name>

add1

</data>
<data>
<userid>id2</userid>
pass2
<name>name2</name>

add2

</data>
</example>

</result>

Dan error occurs

Show Suggested Answer

Suggested Answer: B, F

by Shala at Jan 15, 2025, 04:21 AM

Limited Time Offer

25%

Off

Get Premium I10-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Gilberto

9 days ago

I think the correct answer is C. The user input character string contains an XML tag that could be interpreted as part of the XML structure, potentially leading to a security vulnerability known as XML injection.

upvoted 0 times

...