Re: [xml] Disable external entity processing

From: Daniel Veillard <veillard redhat com>
To: Breno Silva <breno silva gmail com>
Cc: xml gnome org
Subject: Re: [xml] Disable external entity processing
Date: Wed, 6 Mar 2013 15:04:10 +0800

On Tue, Mar 05, 2013 at 11:31:44AM -0400, Breno Silva wrote:

Hello,

I'm parsing XML data using simple API :

xmlCreatePushParserCtxt(NULL, NULL, buf, size, "file.xml");
xmlParseChunk(ctx, buf, size, 0);

I would like to get some direction of how can i disable external entities
to be processed like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE bar [
<!ENTITY % external SYSTEM "http://externalhost/ext.xml";>
%external;
%a;
%b;
]>

Thanks

Breno


  That should be the default but it seems libxml2 still does it
without asking to load entities or DTD when referencing a parameter
entity in the internal subset, annoying.
  I suggest you add the XML_PARSE_NONET option when creating the parser
as a first measure. It will still check in the /etc/xml/catalog to find
if there is a local resource in the catalog for the referenced URI but
it will not open an outside connection.

Daniel

-- 
Daniel Veillard      | Open Source and Standards, Red Hat
veillard redhat com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/

References:
- Re: [xml] Disable external entity processing
  - From: Breno Silva

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]