Export (0) Print
Expand All

XmlReaderSettings.Schemas Property

Gets or sets the XmlSchemaSet to use when performing schema validation.

Namespace:  System.Xml
Assembly:  System.Xml (in System.Xml.dll)

public XmlSchemaSet Schemas { get; set; }

Property Value

Type: System.Xml.Schema.XmlSchemaSet
The XmlSchemaSet to use when performing schema validation. The default is an empty XmlSchemaSet object.

Security noteSecurity Note
  • Do not use schemas from unknown or untrusted sources or locations. Doing so will compromise the security of your code.

  • XML schemas (including inline schemas) are inherently vulnerable to denial of service attacks; do not accept them in untrusted scenarios.

  • Schema validation error messages and exceptions may expose sensitive information about the content model or URI paths to the schema file. Be careful not to expose this information to untrusted callers.

  • For additional information, see the "Security considerations" section.

The XmlSchemaSet class only supports XML Schema definition language (XSD) schemas. XmlReader instances created by the Create method cannot be configured to enable XML-Data Reduced (XDR) schema validation.

Security considerations

  • Do not use schemas from unknown or untrusted sources. Doing so will compromise the security of your code. The XmlUrlResolver class is used to resolve external schemas by default. To disable resolution of include, import, and redefine elements of a schema, set the XmlSchemaSet.XmlResolver property to null.

  • Exceptions raised as a result of using the XmlSchemaSet class, such as the XmlSchemaException class may contain sensitive information that should not be exposed in untrusted scenarios. For example, the SourceUri property of an XmlSchemaException returns the URI path to the schema file that caused the exception. The SourceUri property should not be exposed in untrusted scenarios. Exceptions should be properly handled so that this sensitive information is not exposed in untrusted scenarios.

The example below uses the XmlReaderSettings object and the XmlReader.Create method to associate a schema with an XML document. The schema is added to the Schemas property of the XmlReaderSettings object. The value of the Schemas property is an XmlSchemaSet object. The schema is used to validate that the XML document conforms to the schema content model. Schema validation errors and warnings are handled by the ValidationEventHandler defined in the XmlReaderSettings object.

using System;
using System.Xml;
using System.Xml.Schema;

class XmlSchemaSetExample
{
    static void Main()
    {
        XmlReaderSettings booksSettings = new XmlReaderSettings();
        booksSettings.Schemas.Add("http://www.contoso.com/books", "books.xsd");
        booksSettings.ValidationType = ValidationType.Schema;
        booksSettings.ValidationEventHandler += new ValidationEventHandler(booksSettingsValidationEventHandler);

        XmlReader books = XmlReader.Create("books.xml", booksSettings);

        while (books.Read()) { }
    }

    static void booksSettingsValidationEventHandler(object sender, ValidationEventArgs e)
    {
        if (e.Severity == XmlSeverityType.Warning)
        {
            Console.Write("WARNING: ");
            Console.WriteLine(e.Message);
        }
        else if (e.Severity == XmlSeverityType.Error)
        {
            Console.Write("ERROR: ");
            Console.WriteLine(e.Message);
        }
    }
}

The example uses the books.xml file as input.

<bookstore xmlns="http://www.contoso.com/books">
  <book genre="autobiography" publicationdate="1981" ISBN="1-861003-11-0">
    <title>The Autobiography of Benjamin Franklin</title>
    <author>
      <first-name>Benjamin</first-name>
      <last-name>Franklin</last-name>
    </author>
    <price>8.99</price>
  </book>
  <book genre="novel" publicationdate="1967" ISBN="0-201-63361-2">
    <title>The Confidence Man</title>
    <author>
      <first-name>Herman</first-name>
      <last-name>Melville</last-name>
    </author>
    <price>11.99</price>
  </book>
  <book genre="philosophy" publicationdate="1991" ISBN="1-861001-57-6">
    <title>The Gorgias</title>
    <author>
      <name>Plato</name>
    </author>
    <price>9.99</price>
  </book>
</bookstore>

The example uses the books.xsd file as an input.

<?xml version="1.0" encoding="utf-8"?>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" targetNamespace="http://www.contoso.com/books" xmlns:xs="http://www.w3.org/2001/XMLSchema">
    <xs:element name="bookstore">
        <xs:complexType>
            <xs:sequence>
                <xs:element maxOccurs="unbounded" name="book">
                    <xs:complexType>
                        <xs:sequence>
                            <xs:element name="title" type="xs:string" />
                            <xs:element name="author">
                                <xs:complexType>
                                    <xs:sequence>
                                        <xs:element minOccurs="0" name="name" type="xs:string" />
                                        <xs:element minOccurs="0" name="first-name" type="xs:string" />
                                        <xs:element minOccurs="0" name="last-name" type="xs:string" />
                                    </xs:sequence>
                                </xs:complexType>
                            </xs:element>
                            <xs:element name="price" type="xs:decimal" />
                        </xs:sequence>
                        <xs:attribute name="genre" type="xs:string" use="required" />
                        <xs:attribute name="publicationdate" type="xs:unsignedShort" use="required" />
                        <xs:attribute name="ISBN" type="xs:string" use="required" />
                    </xs:complexType>
                </xs:element>
            </xs:sequence>
        </xs:complexType>
    </xs:element>
</xs:schema>

.NET Framework

Supported in: 4.5.2, 4.5.1, 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Show:
© 2014 Microsoft