Changes
/* Solution */
</basket>
</pre>
* We can then inject XML with the cookie, we use [https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing XML external entities ] which allow to manipulate local files and display the result in the XML
<pre>
<!DOCTYPE basket