Represents a reader that provides fast, non-cached, forward-only access to XML data.
Assembly: System.Xml (in System.Xml.dll)
In the .NET Framework version 2.0 release, the recommended practice is to create XmlReader instances using the XmlReader.Create method. This allows you to take full advantage of the new features introduced in this release. For more information, see Creating XML Readers.
provides forward-only, read-only access to a stream of XML data. The current node refers to the node on which the reader is positioned. The reader is advanced using any of the read methods and properties reflect the value of the current node.
This class implements XmlReader and conforms to the W3C Extensible Markup Language (XML) 1.0 and the Namespaces in XML recommendations. XmlTextReader provides the following functionality:
Enforces the rules of well-formed XML.
XmlTextReader does not provide data validation.
Checks that DocumentType nodes are well-formed. XmlTextReader checks the DTD for well-formedness, but does not validate using the DTD.
The actual declarations of entities in the DTD are called Entity nodes. When you refer to these nodes in your data, they are called EntityReference nodes.
Does not expand default attributes.
Because the XmlTextReader does not perform the extra checks required for data validation, it provides a fast well-formedness parser.
XmlTextReader throws an XmlException on XML parse errors. After an exception is thrown the state of the reader is not predictable. For example, the reported node type may be different than the actual node type of the current node. Use the ReadState property to check whether a reader is in error state.
For further discussion on the XmlReader classes, see Reading XML with the XmlReader.
The following are things to consider when using the class.
Exceptions thrown the can disclose path information that you do not want bubbled up to the application. Your applications must catch exceptions and process them appropriately.
DTD processing is enabled by default. Disable DTD processing if you are concerned about Denial of Service issues or if you are dealing with untrusted sources. Set the ProhibitDtd property to true to disable DTD processing.
If you have DTD processing enabled, you can use the XmlSecureResolver to restrict the resources that the can access. You can also design your application so that the XML processing is memory and time constrained. For example, configure time-out limits in your ASP.NET application.
XML data can include references to external resources such as a DTD file. By default external resources are resolved using an XmlUrlResolver object with no user credentials. You can secure this further by doing one of the following:
XML data can contain a large number of attributes, namespace declarations, nested elements and so on that require a substantial amount of time to process. To limit the size of the input that is sent to the , create a custom IStream implementation and supply it the .
The ReadValueChunk method can be used to handle large streams of data. This method reads a small number of characters at a time instead of allocating a single string for the whole value.
By default general entities are not expanded. General entities are expanded when you call the ResolveEntity method.
This class has an inheritance demand. Full trust is required to inherit from XmlTextReader. See Inheritance Demands for more information.
Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98, Windows CE, Windows Mobile for Smartphone, Windows Mobile for Pocket PC, Xbox 360, Zune