When using XmlDocument.Load , I am finding that if the document refers to a DTD, a connection is made to the provided URI. Is there any way to prevent this from happening?
A:
Use an XMLReader to load the document and set the ValidationType property of the reader settings to None.
muratgu
2008-10-19 02:14:28
That won't help you if the XML uses entity references defined in the DTD, unfortunately, because that makes the XML non-well-formed, not invalid.
Robert Rossney
2008-10-19 05:59:31
So, I'm left feeling that it is necessary to process the DTD in order to correctly process entity references. How would this work in the absence of a connection though?
spender
2008-10-19 12:00:42
It wouldn't. If your document can contain entity references that are defined in a DTD, the parser needs the DTD. So you have to either include the DTD in the XML you're trying to parse or cache the DTD locally. This is one reason I don't like using entity references.
Robert Rossney
2008-10-19 20:05:16
A:
Try something like this:
XmlDocument doc = new XmlDocument();
using (StringReader sr = new StringReader(xml))
using (XmlReader reader = XmlReader.Create(sr, new XmlReaderSettings()))
{
doc.Load(reader);
}
The thing to note here is that XmlReaderSettings has the ProhibitDtd property set to true by default.
Richard Nienaber
2008-10-19 09:24:01
A:
The document being loaded HAS a DTD.
With:
settings.ProhibitDtd = true;
I see the following exception:
Service cannot be started. System.Xml.XmlException: For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method.
So, it looks like ProhibitDtd MUST be set to true in this instance.
It looked like ValidationType would do the trick, but with:
settings.ValidationType = ValidationType.None;
I'm still seeing a connection to the DTD uri.
spender
2008-10-19 11:58:47
+1
A:
After some more digging, maybe you should set the XmlResolver property of the XmlReaderSettings object to null.
'The XmlResolver is used to locate and open an XML instance document, or to locate and open any external resources referenced by the XML instance document. This can include entities, DTD, or schemas.'
So the code would look like this:
XmlReaderSettings settings = new XmlReaderSettings();
settings.XmlResolver = null;
XmlDocument doc = new XmlDocument();
using (StringReader sr = new StringReader(xml))
using (XmlReader reader = XmlReader.Create(sr, settings))
{
doc.Load(reader);
}
Richard Nienaber
2008-10-19 18:04:42
also required is: settings.ProhibitDtd = false;otherwise, right on the money. cheers!
spender
2008-10-19 22:43:38