0 out of 1 rated this helpful Rate this topic

XmlReaderSettings Class

.NET Framework 4

Other Versions

Specifies a set of features to support on the XmlReader object created by the Create method.

Inheritance Hierarchy

System.Object
System.Xml.XmlReaderSettings

Namespace: System.Xml
Assembly: System.Xml (in System.Xml.dll)

Syntax

C++

Copy

[PermissionSetAttribute(SecurityAction.InheritanceDemand, Name = "FullTrust")]
public sealed class XmlReaderSettings

The XmlReaderSettings type exposes the following members.

Constructors

	Name	Description
	XmlReaderSettings	Initializes a new instance of the XmlReaderSettings class.

Top

Properties

	Name	Description
	CheckCharacters	Gets or sets a value indicating whether to do character checking.
	CloseInput	Gets or sets a value indicating whether the underlying stream or TextReader should be closed when the reader is closed.
	ConformanceLevel	Gets or sets the level of conformance which the XmlReader will comply.
	DtdProcessing	Gets or sets the DtdProcessing enumeration.
	IgnoreComments	Gets or sets a value indicating whether to ignore comments.
	IgnoreProcessingInstructions	Gets or sets a value indicating whether to ignore processing instructions.
	IgnoreWhitespace	Gets or sets a value indicating whether to ignore insignificant white space.
	LineNumberOffset	Gets or sets line number offset of the XmlReader object.
	LinePositionOffset	Gets or sets line position offset of the XmlReader object.
	MaxCharactersFromEntities	Gets or sets a value indicating the maximum allowable number of characters in a document that result from expanding entities.
	MaxCharactersInDocument	Gets or sets a value indicating the maximum allowable number of characters XML document. A zero (0) value means no limits on the size of the XML document. A non-zero value specifies the maximum size, in characters.
	NameTable	Gets or sets the XmlNameTable used for atomized string comparisons.
	ProhibitDtd	Obsolete. Gets or sets a value indicating whether to prohibit document type definition (DTD) processing. This property is obsolete. Use DtdProcessing instead.
	Schemas	Gets or sets the XmlSchemaSet to use when performing schema validation.
	ValidationFlags	Gets or sets a value indicating the schema validation settings. This setting applies to schema validating XmlReader objects (ValidationType property set to ValidationType.Schema).
	ValidationType	Gets or sets a value indicating whether the XmlReader will perform validation or type assignment when reading.
	XmlResolver	Sets the XmlResolver used to access external documents.

Top

Methods

	Name	Description
	Clone	Creates a copy of the XmlReaderSettings instance.
	Equals(Object)	Determines whether the specified Object is equal to the current Object. (Inherited from Object.)
	Finalize	Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
	GetHashCode	Serves as a hash function for a particular type. (Inherited from Object.)
	GetType	Gets the Type of the current instance. (Inherited from Object.)
	MemberwiseClone	Creates a shallow copy of the current Object. (Inherited from Object.)
	Reset	Resets the members of the settings class to their default values.
	ToString	Returns a string that represents the current object. (Inherited from Object.)

Top

Events

	Name	Description
	ValidationEventHandler	Occurs when the reader encounters validation errors.

Top

Remarks

In the .NET Framework version 2.0 release, the Create method is the preferred mechanism for obtaining XmlReader instances. The Create method uses the XmlReaderSettings class to specify which features to implement in the created XmlReader object.

For more information, see Creating XML Readers.

Security Considerations

The following are things to consider when using the XmlReaderSettings class.

The ProcessInlineSchema and ProcessSchemaLocation validation flags of an XmlReaderSettings object are not set by default. When these flags are set, the XmlResolver of the XmlReaderSettings object is used to resolve schema locations encountered in the instance document in the XmlReader. If the XmlResolver object is Nothing, schema locations are not resolved even if the ProcessInlineSchema and ProcessSchemaLocation validation flags are set.
Schemas added during validation add new types and can change the validation outcome of the document being validated. As a result, external schemas should only be resolved from trusted sources.
Validation error messages may expose sensitive content model information. Validation error and warning messages are handled using the ValidationEventHandler delegate, or are exposed as an XmlSchemaValidationException if no event handler is provided to the XmlReaderSettings object (validation warnings do not cause an XmlSchemaValidationException to be thrown). This content model information should not be exposed in untrusted scenarios. Validation warning messages are suppressed by default and can be reported by setting the ReportValidationWarnings flag.
The SourceUri property of an XmlSchemaValidationException returns the URI path to the schema file that caused the exception. The SourceUri property should not be exposed in untrusted scenarios.
Disabling the ProcessIdentityConstraints flag (enabled by default) is recommended when validating, untrusted, large XML documents in high availability scenarios against a schema with identity constraints over a large part of the document.
XmlReaderSettings objects can contain sensitive information such as user credentials. You should be careful when caching XmlReaderSettings objects, or when passing the XmlReaderSettings object from one component to another.
DTD processing is disabled by default. If you enable DTD processing, you need to be aware of including DTDs from untrusted sources and possible denial of service attacks. Use the XmlSecureResolver to restrict the resources that the XmlReader can access.
Do not accept supporting components, such as NameTable, XmlNamespaceManager, and XmlResolver objects, from an untrusted source.
Memory usage of an application that uses XmlReader may have a correlation to the size of the parsed XML document. One form of denial of service attack is when excessively large XML documents are submitted to be parsed. You can limit the size of the document that can be parsed by setting the MaxCharactersInDocument property and then limit the number of characters that result from expanding entities by setting the MaxCharactersFromEntities property.

Examples

The following example creates an XmlReader that uses an XmlUrlResolver with the necessary credentials.

Copy


// Create an XmlUrlResolver with the credentials necessary to access the Web server.
XmlUrlResolver resolver = new XmlUrlResolver();
System.Net.NetworkCredential myCred;
myCred  = new System.Net.NetworkCredential(UserName,SecurelyStoredPassword,Domain);  
resolver.Credentials = myCred;

XmlReaderSettings settings = new XmlReaderSettings();
settings.XmlResolver = resolver;

// Create the reader.
XmlReader reader = XmlReader.Create("http://serverName/data/books.xml", settings);

Version Information

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Portable Class Library

Supported in: Portable Class Library

Platforms

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Reference

System.Xml Namespace

Other Resources

XML Documents and Data

Security and Your System.Xml Applications

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(2000 characters remaining)

Community Content Add

FAQ