When building tools for IATI data there are several security issues to be aware of.
When parsing XML, you should be aware of entity-based attacks.
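One way to refuse entity-bearing documents before they reach your tool, using only the Python standard library. This is an added example, not code from the original page; the function names and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXMLError(ValueError):
    """The document declares a DTD, the carrier for entity-based attacks."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    raise UnsafeXMLError(f"DOCTYPE not allowed (declared root: {name!r})")


def parse_iati(data: bytes) -> ET.Element:
    """Parse untrusted IATI XML, refusing any document that carries a DTD."""
    # Pass 1: expat scan. The handler fires at "<!DOCTYPE", before any
    # entity declaration in the internal subset is read or expanded.
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _reject_doctype
    scanner.Parse(data, True)
    # Pass 2: without a DTD only the five predefined entities exist,
    # so the ordinary ElementTree parse cannot expand or fetch anything.
    return ET.fromstring(data)


def activity_identifiers(data: bytes) -> list[str]:
    """Return the text of every <iati-identifier> in the document."""
    root = parse_iati(data)
    return [el.text.strip() for el in root.iter("iati-identifier") if el.text]


# Constructed sample inputs (not real IATI publications).
SAFE = b"""<iati-activities version="2.03">
  <iati-activity>
    <iati-identifier>XM-EXAMPLE-0001</iati-identifier>
  </iati-activity>
</iati-activities>"""

# Internal entity that would be expanded into the identifier text.
INTERNAL_ENTITY = b"""<!DOCTYPE iati-activities [<!ENTITY a "AAAA">]>
<iati-activities><iati-activity>
<iati-identifier>&a;</iati-identifier>
</iati-activity></iati-activities>"""

# External entity pointing at a placeholder local path.
EXTERNAL_ENTITY = b"""<!DOCTYPE iati-activities [
<!ENTITY x SYSTEM "file:///placeholder/path">]>
<iati-activities><iati-activity>
<iati-identifier>&x;</iati-identifier>
</iati-activity></iati-activities>"""
```

IATI files do not need a DTD, so rejecting every DOCTYPE costs nothing for legitimate publishers and removes both entity expansion and external entity resolution in one check.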
User Supplied Files
You should make sure that
- user supplied files aren’t executable (e.g. if a PHP file is uploaded to the web directory)