Specifies whether to prohibit (true) or allow (false) the inclusion of a DTD in the XML DOM document.
This property is supported in MSXML 3.0 and 6.0. The default value is false for 3.0. The default value is true for 6.0.
HRESULT setProperty(BSTR strProp, VARIANT vBool); HRESULT getProperty(BSTR strProp, VARIANT* vBool);
This property allows you to prohibit DTD use and can help prevent a denial of service attack in some situations. For example, an application might become unresponsive if a large number of entity references are included with the DTD and require resolution when the document XML is parsed and loaded.
Setting this property to true will prohibit DTDs and result in one of the following parser errors whenever a DTD is included:
"Invalid at the top level of the document" (XML_E_INVALIDATROOTLEVEL, 0xC00CE556), when using MSXML 3.0 (property "NewParser" = true/false).
"DTD is prohibited" (XML_E_DTD_PROHIBITED, 0xC00CE584), when using MSXML 6.0 (property "NewParser" = false).
"DTD is prohibited" (WC_E_DTD_PROHIBITED, 0xC00CEE4E) when using MSXML 6.0 (property "NewParser" = true)
When the DOM object is cloned, the value of this property is not propagated to the cloned object. You need to reset this property on the clone, if desired.
The following shows how this property is set in JScript:
dom.setProperty("ProhibitDTD", true); //for JScript
For Visual Basic or VBScript, the following is the correct syntax:
dom.setProperty "ProhibitDTD", True 'for VB/VBScript