XmlReaderSettings.MaxCharactersFromEntities Property
[ This article is for Windows Phone 8 developers. If you’re developing for Windows 10, see the latest documentation. ]
Gets or sets a value indicating the maximum allowable number of characters in a document that result from expanding entities.
Assembly: System.Xml (in System.Xml.dll)
Property Value
Type: System.Int64The maximum allowable number of characters from expanded entities. The default is 0.
A zero (0) value means no limits on the number of characters that result from expanding entities. A non-zero value specifies the maximum number of characters that can result from expanding entities.
If the reader attempts to read a document that contains entities such that the expanded size will exceed this property, an XmlException will be thrown.
This property allows you to mitigate denial of service attacks where the attacker submits XML documents that attempt to exceed memory limits via expanding entities. By limiting the characters that result from expanded entities, you can detect the attack and recover reliably.