Skip to content

XmlReaderWriterSettings.AllowDtdProcessing property

Defined in

Type: XmlReaderWriterSettings Namespace: Refit Assembly: Refit.Xml.dll

Applies to

net10.0, net10.0-browserwasm1.0, net10.0-desktop1.0, net9.0, net9.0-browserwasm1.0, net9.0-desktop1.0, net8.0, net8.0-ios17.5, net8.0-maccatalyst17.5, net8.0-macos14.2, net8.0-macos14.5, net8.0-tvos17.2, netstandard2.1, net462, net481, net471

Deprecated

Enabling DTD processing re-opens XML External Entity (XXE) and entity-expansion attacks and is strongly discouraged. Only set this for XML from a fully trusted source.

Attributes: [Obsolete("Enabling DTD processing re-opens XML External Entity (XXE) and entity-expansion attacks and is strongly discouraged. Only set this for XML from a fully trusted source.")]

public bool AllowDtdProcessing { get; set; }

View source

Summary: Gets or sets a value indicating whether DTD processing is left to the caller-supplied reader settings instead of being forced off (defaults to false).

Returns: bool

Remarks

By default Refit forces Prohibit and clears the XmlResolver on every access so a hostile XML response cannot trigger an XML External Entity (XXE) or entity-expansion ("billion laughs") attack. Setting this to true disables that safeguard and honors whatever DtdProcessing/XmlResolver you configured on ReaderSettings.

This is intentionally marked obsolete: only enable it for XML from a fully trusted source, and prefer pre-processing untrusted documents instead.