Clojure’s standard library includes the namespace clojure.xml, which implements a XML parser. It’s not used much – which is great, because it’s vulnerable to XML external entity (XXE) attacks. It’s something that you want to be aware of if you’re using clojure.xml to process untrusted input. Update (2022-03-27): XXE processing has been disabled in Clojure 1.11.0. Juha Jokimäki tweeted about this already back in 2014. However, I still see clojure.xml occassionally used, so I thoug...
