Re: [xml] Disable external entity processing

On Tue, Mar 05, 2013 at 11:31:44AM -0400, Breno Silva wrote:

I'm parsing XML data using simple API :

xmlCreatePushParserCtxt(NULL, NULL, buf, size, "file.xml");
xmlParseChunk(ctx, buf, size, 0);

I would like to get some direction of how can i disable external entities
to be processed like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE bar [
<!ENTITY % external SYSTEM "http://externalhost/ext.xml";>



  That should be the default but it seems libxml2 still does it
without asking to load entities or DTD when referencing a parameter
entity in the internal subset, annoying.
  I suggest you add the XML_PARSE_NONET option when creating the parser
as a first measure. It will still check in the /etc/xml/catalog to find
if there is a local resource in the catalog for the referenced URI but
it will not open an outside connection.


Daniel Veillard      | Open Source and Standards, Red Hat
veillard redhat com  | libxml Gnome XML XSLT toolkit | virtualization library

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]