prohibit-dtd Feature

Article
10/27/2016

This feature determines whether the SAX reader will prohibit (true) or allow (false) the use of DTDs.

This property has security implications. For more information, see MSXML Security Overview and SAX2 Security.

JScript Syntax

oSaxReader.putFeature(strFeature, vBool);  
vBool= oSaxReader.getFeature(strFeature);

Visual Basic Syntax

oSaxReader.putFeature
(strFeature, vBool)  
vBool= oSaxReader.getFeature
(strFeature)

C/C++ Syntax

HRESULT putFeature(BSTR strFeature, VARIANT vBool);  
HRESULT getFeature(BSTR strFeature, VARIANT* vBool);

Value

strFeature
A BSTR string whose value is "prohibit-dtd ".

vBool
A VARIANT_BOOL value of true or false that indicates the value of the feature. If this feature is set to true, the SAX reader prohibits the inclusion of a DTD. If false, the SAX reader will allow a DTD to be included. For MSXML 3.0, 4.0, and 5.0, the default is false. For MSXML 6.0, the default is true.

Remarks

This feature allows you to prohibit DTD use in SAX parsing. Prohibiting DTDs can help prevent a denial of service attack in some situations. For example, if a DTD is permitted, an application might hang when attempting to resolve a large number of entity references included with the DTD. Setting this feature to true avoids this potential problem. If a DTD is included when prohibit-dtd is true, SAX will return a parser error of "Invalid at the top level of the document" (XML_E_INVALIDATROOTLEVEL, 0xE52D).

When the SAX reader is actively parsing, this feature is read-only. When the SAX reader is not actively parsing, full (read/write) access is permitted.

Applies to

Interface: ISAXXMLReader

Method: putFeature | getFeature

Versioning

Implemented in: MSXML 3.0 and later