XML Parsing
XML parsing is handled automatically for Content-Type: application/xml.
Usage
app.post('/config', (req, res) => {
// req.body is a parsed object
const cleanConfig = req.body.root;
// ...
});
Security (XXE)
The XML parser runs in Safe Mode by default to prevent XXE (XML External Entity) attacks.
const options = {
safeMode: true, // Disable external entities (default: true)
strict: true // Strict parsing mode (default: true)
};
Last updated: 12/11/2025
Edit on GitHub