xml 文档异常中禁止的 DTD

问题描述

尝试在 C# 应用程序中解析 XML 文档时遇到此错误:

I'm getting this error when trying to parse through an XML document in a C# application:

出于安全原因，此 XML 文档中禁止使用 DTD.要启用 DTD 处理，请将 XmlReaderSettings 上的 ProhibitDtd 属性设置为 false，并将设置传递给 XmlReader.Create 方法."

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."

作为参考，异常发生在以下代码的第二行:

For reference, the exception occurred at the second line of the following code:

using (XmlReader reader = XmlReader.Create(uri))
{
    reader.MoveToContent(); //here

    while (reader.Read()) //(code to parse xml doc follows).

我对 Xml 的了解非常有限，我不知道 DTD 处理是什么，也不知道如何执行错误消息提示的操作.关于可能导致此问题的原因以及如何解决此问题的任何帮助?谢谢...

My knowledge of Xml is pretty limited and I have no idea what DTD processing is nor how to do what the error message suggests. Any help as to what may be causing this and how to fix it? thanks...

推荐答案

请注意，settings.ProhibitDtd 现在已经过时，请改用 DtdProcessing:(Ignore、Parse 或 Prohibit 的新选项)

Note that settings.ProhibitDtd is now obsolete, use DtdProcessing instead: (new options of Ignore, Parse, or Prohibit)

XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Parse;

如本文所述:十亿笑 XML DoS 攻击如何工作?

您应该限制字符数以避免 DoS 攻击:

you should add a limit to the number of characters to avoid DoS attacks:

XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Parse;
settings.MaxCharactersFromEntities = 1024;

这篇关于xml 文档异常中禁止的 DTD的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！