XmlDocument.Load无法处理DTD？ [英] XmlDocument.Load not processing DTD?

问题描述

我正在尝试构建&开发安全性POC，此代码是我提取到较小应用程序中的应用程序的一部分，因为我在使用它时遇到了一些困难。

I am trying to build & develop a Security POC, this code is part of an app that I've extracted into a smaller app because I am having some difficulty with it.

 String str = "<?xml version=\"1.0\"?><!DOCTYPE foo[<!ELEMENT foo ANY> <!ENTITY word \"A\">]><foo>&word;</foo>";
   System.Xml.XmlDocument xDoc = new System.Xml.XmlDocument();  
  xDoc.LoadXml(str);
 xDoc.Save(@"C:\Temp\xdoc.xml");

考虑xml字符串包含DTD实体字，该字在我的实际xml中被引用。加载文档后，我希望DTD得到处理，因此用字符串 A替换xml中引用的实体 word。然后将整个文档写回到磁盘。但是，当我检查xDoc.xml时。实体扩展/替换尚未发生。

Consider the xml string contains a DTD entity word, which is referenced in my actual xml. When the document is loaded I would expect the DTD To get processed and therefore replace the entity "word" referred to in my xml with the character string "A". Then write the whole document back out to disk. However when I examine xDoc.xml. The Entity expansion/replacement hasn't happened.

为什么不呢？

推荐答案

您可以在您使用的 LoadXml 方法的文档在您的代码中使用：

You can find the following in the documentation of LoadXml method which you use in your code:

此方法不执行DTD或模式验证。如果您希望进行
验证，请使用 Load 方法并将其传递给
XmlValidatingReader 。有关加载时
验证的示例，请参见 XmlDocument

This method does not do DTD or Schema validation. If you want validation to occur, use the Load method and pass it an XmlValidatingReader. See XmlDocument for an example of load-time validation

文章，此和其他许多示例都提供了DTD验证的代码示例。

The article, this one and many other provide code examples of DTD validation.

这篇关于XmlDocument.Load无法处理DTD？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！