none
DTD processing in Linq to XML

    Question

  • Hi, I am writing some Linq to XML code to parse xml document but it's failing due to unknown entities in xml document. The entities are really encoded html like  , etc. The entities are mentioned in the dtd but Linq to XML is not reading the dtd.

    I know that dtd processing is disabled for security reasons but is it possible to enable this.

    Monday, May 30, 2011 1:09 AM

Answers

  • Hello,

    Entities in DTDs are inherently not secure. It is possible for a malicious XML document that contains a DTD to cause the parser to use all memory and CPU time, causing a denial of service attack. Therefore, in LINQ to XML, DTD processing is turned off by default. You should not accept DTDs from untrusted sources.

    However, to enable it you should use XDocumentType class.

    Here is a sample :

     XDocument xDocument = new XDocument(new XDocumentType("Books",null,"Books.dtd", null),new XElement("Book"));
    
    Kind regards,

     


    aelassas.free.fr
    Monday, May 30, 2011 9:01 AM
  • I have tried the following and it has worked -

    XmlReaderSettings settings = new XmlReaderSettings();
    settings.ProhibitDtd = false;
    
    XmlReader reader = XmlReader.Create(Server.MapPath("filename"), settings);
          
    XDocument doc = XDocument.Load(reader);
    

    I have not tried the above yet.

     

     

    • Marked as answer by Shahed Kazi Friday, June 03, 2011 7:22 AM
    Friday, June 03, 2011 7:22 AM

All replies

  • Hello,

    Entities in DTDs are inherently not secure. It is possible for a malicious XML document that contains a DTD to cause the parser to use all memory and CPU time, causing a denial of service attack. Therefore, in LINQ to XML, DTD processing is turned off by default. You should not accept DTDs from untrusted sources.

    However, to enable it you should use XDocumentType class.

    Here is a sample :

     XDocument xDocument = new XDocument(new XDocumentType("Books",null,"Books.dtd", null),new XElement("Book"));
    
    Kind regards,

     


    aelassas.free.fr
    Monday, May 30, 2011 9:01 AM
  • I have tried the following and it has worked -

    XmlReaderSettings settings = new XmlReaderSettings();
    settings.ProhibitDtd = false;
    
    XmlReader reader = XmlReader.Create(Server.MapPath("filename"), settings);
          
    XDocument doc = XDocument.Load(reader);
    

    I have not tried the above yet.

     

     

    • Marked as answer by Shahed Kazi Friday, June 03, 2011 7:22 AM
    Friday, June 03, 2011 7:22 AM