XmlReaderWriterSettings.AllowDtdProcessing property¶
Defined in
Type: XmlReaderWriterSettings
Namespace: Refit
Assembly: Refit.Xml.dll
Applies to
net10.0, net10.0-browserwasm1.0, net10.0-desktop1.0, net9.0, net9.0-browserwasm1.0, net9.0-desktop1.0, net8.0, net8.0-ios17.5, net8.0-maccatalyst17.5, net8.0-macos14.2, net8.0-macos14.5, net8.0-tvos17.2, netstandard2.1, net462, net481, net471
Deprecated
Enabling DTD processing re-opens XML External Entity (XXE) and entity-expansion attacks and is strongly discouraged. Only set this for XML from a fully trusted source.
Attributes: [Obsolete("Enabling DTD processing re-opens XML External Entity (XXE) and entity-expansion attacks and is strongly discouraged. Only set this for XML from a fully trusted source.")]
public bool AllowDtdProcessing { get; set; }
Summary:
Gets or sets a value indicating whether DTD processing is left to the caller-supplied reader settings
instead of being forced off (defaults to false).
Returns: bool
Remarks
By default Refit forces Prohibit and clears the XmlResolver
on every access so a hostile XML response cannot trigger an XML External Entity (XXE) or entity-expansion
("billion laughs") attack. Setting this to true disables that safeguard and honors whatever
DtdProcessing/XmlResolver you configured on ReaderSettings.
This is intentionally marked obsolete: only enable it for XML from a fully trusted source, and prefer pre-processing untrusted documents instead.