diff --git a/internal/waf/injectionutils/libinjection/src/libinjection_xss.c b/internal/waf/injectionutils/libinjection/src/libinjection_xss.c index 5275757..c135a36 100644 --- a/internal/waf/injectionutils/libinjection/src/libinjection_xss.c +++ b/internal/waf/injectionutils/libinjection/src/libinjection_xss.c @@ -667,10 +667,11 @@ static attribute_t is_black_attr(const char* s, size_t len) /* XMLNS can be used to create arbitrary tags */ - if (cstrcasecmp_with_null("XMLNS", s, 5) == 0 || cstrcasecmp_with_null("XLINK", s, 5) == 0) { + // goedge: commented for photo uploading + //if (cstrcasecmp_with_null("XMLNS", s, 5) == 0 || cstrcasecmp_with_null("XLINK", s, 5) == 0) { /* printf("Got XMLNS and XLINK tags\n"); */ - return TYPE_BLACK; - } + // return TYPE_BLACK; + //} } black = BLACKATTR; @@ -789,9 +790,10 @@ int libinjection_is_xss(const char* s, size_t len, int flags) attr = TYPE_NONE; } else if (h5.token_type == TAG_COMMENT) { /* IE uses a "`" as a tag ending char */ - if (memchr(h5.token_start, '`', h5.token_len) != NULL) { + // goedge: commented for photo uploading + /**if (memchr(h5.token_start, '`', h5.token_len) != NULL) { return 1; - } + }**/ /* IE conditional comment */ if (h5.token_len > 3) { diff --git a/internal/waf/injectionutils/libinjection_xss.c b/internal/waf/injectionutils/libinjection_xss.c index 2189045..72c861f 100644 --- a/internal/waf/injectionutils/libinjection_xss.c +++ b/internal/waf/injectionutils/libinjection_xss.c @@ -1,4 +1,6 @@ #define LIBINJECTION_VERSION "3.9.1" #include "libinjection/src/libinjection_xss.c" -#include "libinjection/src/libinjection_html5.c" \ No newline at end of file +#include "libinjection/src/libinjection_html5.c" + +#define GOEDGE_VERSION "23" // last version is for GoEdge change \ No newline at end of file diff --git a/internal/waf/injectionutils/utils_xss_test.go b/internal/waf/injectionutils/utils_xss_test.go index 4cab416..4bec531 100644 --- a/internal/waf/injectionutils/utils_xss_test.go 
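Review bot: Commenting out the XMLNS/XLINK check in `is_black_attr` removes that signal for every input the detector sees, not only photo uploads, and the same applies to the backtick-in-comment check disabled in the `libinjection_is_xss` hunk that follows. Both were unconditional verdicts (`return TYPE_BLACK;` and `return 1;`), so any input that was flagged only by one of these rules is now reported as clean. Consider keeping the vendored checks intact and exempting upload bodies at the place where the detector is called, or gating the relaxation behind an explicit option. Either way, add test cases that pin what is still detected for these attribute names and for comment tokens. Both functions start and end outside their hunks.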
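Review bot: In the `TAG_COMMENT` branch the disabled check is wrapped in `/**if (...) { ... }**/`, which ends at the first `*/` inside it, so a block comment added there later would end the wrapper early and expose the rest of the code. The first hunk uses `//` instead, presumably because of the nested `/* printf(...) */`, so the two local changes are now disabled in two different ways. Since this is a vendored libinjection file, one consistent form in both places, such as `#if 0 /* goedge: relaxed for photo uploading */` and `#endif`, would make the divergence easy to find and re-apply when the library is updated. The enclosing function continues outside the hunk.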
+++ b/internal/waf/injectionutils/utils_xss_test.go @@ -24,6 +24,14 @@ func TestDetectXSS(t *testing.T) { a.IsTrue(injectionutils.DetectXSS("