0 out of 2 rated this helpful - Rate this topic

XmlTextReader.ProhibitDtd Property

.NET Framework 2.0

Other Versions

Note: This property is new in the .NET Framework version 2.0.

Gets or sets a value indicating whether to allow DTD processing.

Namespace: System.Xml
Assembly: System.Xml (in system.xml.dll)

Syntax

C++

Copy

public bool ProhibitDtd { get; set; }

Copy

/** @property */
public boolean get_ProhibitDtd ()

/** @property */
public void set_ProhibitDtd (boolean value)

JScript

Copy

public function get ProhibitDtd () : boolean

public function set ProhibitDtd (value : boolean)

Property Value

true to disallow DTD processing; otherwise false. The default is false.

Remarks

Note
In the Microsoft .NET Framework version 2.0 release, the recommended practice is to create XmlReader instances using the System.Xml.XmlReader.Create method. This allows you to take full advantage of the new features introduced in this release. For more information, see Creating XML Readers.

DTD processing is enabled by default for backwards compatibility. However, unless your application requires DTD processing, you should disable this setting. Disabling DTD processing can be useful in preventing certain denial of service attacks. If set to true, the reader throws an XmlException when any DTD content is encountered.

If you have DTD processing enabled, you need to be aware of including DTDs from untrusted sources and possible denial of service attacks. Use the XmlSecureResolver to restrict the resources that the XmlTextReader can access. You can also design your application so that the XML processing is memory and time constrained. For example, configure time-out limits in your ASP.NET application

For more information, see Security and Your System.Xml Applications.

Platforms

Windows 98, Windows 2000 SP4, Windows CE, Windows Millennium Edition, Windows Mobile for Pocket PC, Windows Mobile for Smartphone, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

Version Information

.NET Framework

Supported in: 2.0

Reference

XmlTextReader Class
XmlTextReader Members
System.Xml Namespace

Other Resources

Reading XML with the XmlReader

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

FAQ

Default value for this property is actually true

A tour of the 2.0 version of the System.Xml assembly using Reflector will show that the default constructor calls "XmlReaderSettings.Reset()" which sets this property to "true" which is not what the above documentation suggests. Additionally, when applying this to the "XmlReader.Create" method... If the ValidationType for the XmlReaderSettings class is set to "DTD" your setting for this property is never used. That means you will always get the Exception "For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method." when you try and add a file-based DTD reference to the XmlReaderSettings.Schemas list.

History

12/18/2007
Joe Geeky