Have you looked at the NoExpand option of XML::Parser which is at version 2.44 on CPAN? It allows you to prevent entity expansion, which should help against the Billion Laughs Attack.

As you don't tell us what "dependency issues" you got, it's hard to advise you about how to install XML::LibXML to use that instead.

My general advice is if you are talking to the outside world and you think that a Billion Laughs Attack might happen to you because you receive unfiltered input from untrusted parties, you should consider upgrading your version of Perl to at least 5.14 or preferably to something higher to prevent lots of other attacks based on processing untrusted input in hashes and also to restore compatibility with many modules.


In reply to Re: Billions of laughs attack by Corion
in thread Billions of laughs attack by nlakshmi
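An added example (not code from the thread) showing the NoExpand option in use. XML::Parser only honours NoExpand when a Default handler is also set, so the example sets one and collects the unexpanded references; the three-level nested-entity document is constructed for the demonstration, and the second parser shows the stricter alternative of rejecting any document that declares entities at all.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::Parser;

# Constructed sample: three levels of nested internal entities, the
# same shape as the Billion Laughs payload but kept tiny.
my $xml = <<'XML';
<?xml version="1.0"?>
<!DOCTYPE doc [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;">
]>
<doc>&c;</doc>
XML

# Parse with or without NoExpand and return the text seen under <doc>.
sub collect_text {
    my ($noexpand) = @_;
    my $text = '';
    my $p = XML::Parser->new(
        NoExpand => $noexpand,
        Handlers => {
            Char => sub { my ($e, $s) = @_; $text .= $s },
            # With NoExpand => 1 the reference "&c;" is not substituted;
            # it is handed to Default as literal text. Default also sees
            # the XML declaration and DTD text, so keep only references.
            Default => sub {
                my ($e, $s) = @_;
                $text .= $s if $s =~ /^&\w+;$/;
            },
        },
    );
    $p->parse($xml);
    return $text;
}

print "expanded: ", collect_text(0), "\n";
print "NoExpand: ", collect_text(1), "\n";

# Stricter alternative: refuse any document that declares entities.
# die() inside a handler propagates out of parse(), so eval catches it.
sub accepts_document {
    my ($doc) = @_;
    my $p = XML::Parser->new(
        Handlers => {
            Entity => sub { die "entity declarations not allowed\n" },
        },
    );
    return eval { $p->parse($doc); 1 } ? 1 : 0;
}
print "accepted: ", accepts_document($xml), "\n";
```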
