XmlReaderSettings 类
定义
public ref class XmlReaderSettings sealedpublic sealed class XmlReaderSettingstype XmlReaderSettings = classPublic NotInheritable Class XmlReaderSettings- 继承
-
XmlReaderSettings
示例
下面的示例创建一个XmlReader , 它将XmlUrlResolver与所需的凭据一起使用。The following example creates an XmlReader that uses an XmlUrlResolver with the necessary credentials.
// Create an XmlUrlResolver with the credentials necessary to access the Web server.
XmlUrlResolver resolver = new XmlUrlResolver();
System.Net.NetworkCredential myCred;
myCred = new System.Net.NetworkCredential(UserName,SecurelyStoredPassword,Domain);
resolver.Credentials = myCred;
XmlReaderSettings settings = new XmlReaderSettings();
settings.XmlResolver = resolver;
// Create the reader.
XmlReader reader = XmlReader.Create("http://serverName/data/books.xml", settings);
' Create an XmlUrlResolver with the credentials necessary to access the Web server.
Dim resolver As New XmlUrlResolver()
Dim myCred As System.Net.NetworkCredential
myCred = New System.Net.NetworkCredential(UserName, SecurelyStoredPassword, Domain)
resolver.Credentials = myCred
Dim settings As New XmlReaderSettings()
settings.XmlResolver = resolver
' Create the reader.
Dim reader As XmlReader = XmlReader.Create("http://serverName/data/books.xml", settings)
注解
使用Create方法获取XmlReader实例。You use the Create method to obtain XmlReader instances. 此方法使用XmlReaderSettings类指定在其创建的XmlReader对象中实现哪些功能。This method uses the XmlReaderSettings class to specify which features to implement in the XmlReader object it creates.
请参阅XmlReader和Create参考页的 "备注" 部分, 了解要用于一致性检查、验证和其他常见方案的设置。See the Remarks sections of the XmlReader and Create reference pages for information about which settings to use for conformance checks, validation, and other common scenarios. 有关默认设置的列表, 请参见构造函数。XmlReaderSettings()See the XmlReaderSettings() constructor for a list of default settings.
安全注意事项Security considerations
使用XmlReaderSettings类时, 请注意以下事项。Consider the following when using the XmlReaderSettings class.
默认情况下不设置 ProcessInlineSchema 对象的 ProcessSchemaLocation 和 XmlReaderSettings 验证标志。The ProcessInlineSchema and ProcessSchemaLocation validation flags of an XmlReaderSettings object are not set by default. 设置了这些标志后,XmlResolver 对象的 XmlReaderSettings 用于在 XmlReader 中解析实例文档中遇到的架构位置。When these flags are set, the XmlResolver of the XmlReaderSettings object is used to resolve schema locations encountered in the instance document in the XmlReader. 如果对象为
null, 则即使设置了ProcessInlineSchema和ProcessSchemaLocation验证标志, 也不会解析架构位置。 XmlResolverIf the XmlResolver object isnull, schema locations are not resolved even if the ProcessInlineSchema and ProcessSchemaLocation validation flags are set.在验证过程中添加的架构会添加新类型,并且可能更改被验证的文档的验证结果。Schemas added during validation add new types and can change the validation outcome of the document being validated. 因此,只应从可信的源解析外部架构。As a result, external schemas should only be resolved from trusted sources.
验证错误消息可能会暴露敏感内容模型信息。Validation error messages may expose sensitive content model information. 使用ValidationEventHandler委托处理验证错误和警告消息, XmlSchemaValidationException如果不向XmlReaderSettings XmlSchemaValidationException对象提供任何事件处理程序, 则会将其公开为 (验证警告不会导致引发)。Validation error and warning messages are handled using the ValidationEventHandler delegate, or are exposed as an XmlSchemaValidationException if no event handler is provided to the XmlReaderSettings object (validation warnings do not cause an XmlSchemaValidationException to be thrown). 不受信任的情况下不应公开此内容模型信息。This content model information should not be exposed in untrusted scenarios. 默认情况下, 会禁止显示验证警告消息, 并可通过ReportValidationWarnings设置标志来报告验证警告消息。Validation warning messages are suppressed by default and can be reported by setting the ReportValidationWarnings flag.
的SourceUri 属性XmlSchemaValidationException将返回引发异常的架构文件的 URI 路径。The SourceUri property of an XmlSchemaValidationException returns the URI path to the schema file that caused the exception. 不SourceUri应在不受信任的方案中公开属性。The SourceUri property should not be exposed in untrusted scenarios.
如果在高可用性方案中针对包含对文档大部分的标识约束的架构验证、不受信任的大型 XML 文档, 则建议禁用标志(默认启用)。ProcessIdentityConstraintsDisabling the ProcessIdentityConstraints flag (enabled by default) is recommended when validating, untrusted, large XML documents in high availability scenarios against a schema with identity constraints over a large part of the document.
XmlReaderSettings 对象可以包含敏感信息,例如用户凭据。XmlReaderSettings objects can contain sensitive information such as user credentials. 在缓存 XmlReaderSettings 对象时,或在将 XmlReaderSettings 对象从一个组件传递到另一个组件时,应小心。You should be careful when caching XmlReaderSettings objects, or when passing the XmlReaderSettings object from one component to another.
默认情况下禁用 DTD 处理。DTD processing is disabled by default. 如果启用 DTD 处理, 则需要注意包含来自不受信任源的 Dtd 以及可能的拒绝服务攻击。If you enable DTD processing, you need to be aware of including DTDs from untrusted sources and possible denial of service attacks. 使用限制XmlReader可以访问的资源。 XmlSecureResolverUse the XmlSecureResolver to restrict the resources that the XmlReader can access.
不接受来自不可信的源的支持组件,例如 NameTable、XmlNamespaceManager 和 XmlResolver 对象。Do not accept supporting components, such as NameTable, XmlNamespaceManager, and XmlResolver objects, from an untrusted source.
使用 XmlReader 的应用程序的内存使用量可能与分析的 XML 文档的大小有关。Memory usage of an application that uses XmlReader may have a correlation to the size of the parsed XML document. 拒绝服务攻击的一种形式是提交过大的 XML 文档进行分析。One form of denial of service attack is when excessively large XML documents are submitted to be parsed. 可以通过设置MaxCharactersInDocument属性来限制可分析的文档大小, 并通过MaxCharactersFromEntities设置属性来限制通过扩展实体而产生的字符数。You can limit the size of the document that can be parsed by setting the MaxCharactersInDocument property and then limit the number of characters that result from expanding entities by setting the MaxCharactersFromEntities property.
构造函数
| XmlReaderSettings() |
初始化 XmlReaderSettings 类的新实例。Initializes a new instance of the XmlReaderSettings class. |
| XmlReaderSettings(XmlResolver) |
初始化 XmlReaderSettings 类的新实例。Initializes a new instance of the XmlReaderSettings class. |
属性
| Async |
获取或设置是否可对特定 XmlReader 实例使用异步 XmlReader 方法。Gets or sets whether asynchronous XmlReader methods can be used on a particular XmlReader instance. |
| CheckCharacters |
获取或设置一个值,该值指示是否进行字符检查。Gets or sets a value indicating whether to do character checking. |
| CloseInput |
获取或设置一个值,该值指示当读取器关闭时,是否应关闭基础流或 TextReader。Gets or sets a value indicating whether the underlying stream or TextReader should be closed when the reader is closed. |
| ConformanceLevel |
获取或设置 XmlReader 将遵循的一致性级别。Gets or sets the level of conformance which the XmlReader will comply. |
| DtdProcessing |
获取或设置确定 DTD 的处理的值。Gets or sets a value that determines the processing of DTDs. |
| IgnoreComments |
获取或设置一个值,该值指示是否忽略注释。Gets or sets a value indicating whether to ignore comments. |
| IgnoreProcessingInstructions |
获取或设置一个值,该值指示是否忽略处理指令。Gets or sets a value indicating whether to ignore processing instructions. |
| IgnoreWhitespace |
获取或设置一个值,该值指示是否忽略无关紧要的空白区域。Gets or sets a value indicating whether to ignore insignificant white space. |
| LineNumberOffset |
获取或设置 XmlReader 对象的行号偏移量。Gets or sets line number offset of the XmlReader object. |
| LinePositionOffset |
获取或设置 XmlReader 对象的行位置偏移量。Gets or sets line position offset of the XmlReader object. |
| MaxCharactersFromEntities |
获取或设置一个值,该值指示文档中允许扩展实体产生的最大字符数。Gets or sets a value indicating the maximum allowable number of characters in a document that result from expanding entities. |
| MaxCharactersInDocument |
获取或设置一个值,该值指明 XML 文档中所允许的最大字符数。Gets or sets a value indicating the maximum allowable number of characters in an XML document. 零 (0) 值表示对 XML 文档的大小没有限制。A zero (0) value means no limits on the size of the XML document. 非零值指定最大大小(以字符数计)。A non-zero value specifies the maximum size, in characters. |
| NameTable |
获取或设置用于原子化字符串比较的 XmlNameTable。Gets or sets the XmlNameTable used for atomized string comparisons. |
| ProhibitDtd |
获取或设置一个值,该值指示是否禁用文档类型定义 (DTD) 处理。Gets or sets a value indicating whether to prohibit document type definition (DTD) processing. 此属性已过时。This property is obsolete. 请改用 DtdProcessing。Use DtdProcessing instead. |
| Schemas |
获取或设置在执行架构验证时使用的 XmlSchemaSet。Gets or sets the XmlSchemaSet to use when performing schema validation. |
| ValidationFlags |
获取或设置一个指示架构验证设置的值。Gets or sets a value indicating the schema validation settings. 此设置应用于验证架构的 XmlReader 对象(ValidationType 属性设置为 |
| ValidationType |
获取或设置一个值,该值指示 XmlReader 在读取时是否执行验证或类型分配。Gets or sets a value indicating whether the XmlReader will perform validation or type assignment when reading. |
| XmlResolver |
设置用来访问外部文档的 XmlResolver。Sets the XmlResolver used to access external documents. |
方法
| Clone() |
创建 XmlReaderSettings 实例的副本。Creates a copy of the XmlReaderSettings instance. |
| Equals(Object) |
确定指定的对象是否等于当前对象。Determines whether the specified object is equal to the current object. (继承自 Object) |
| GetHashCode() |
作为默认哈希函数。Serves as the default hash function. (继承自 Object) |
| GetType() |
获取当前实例的 Type。Gets the Type of the current instance. (继承自 Object) |
| MemberwiseClone() |
创建当前 Object 的浅表副本。Creates a shallow copy of the current Object. (继承自 Object) |
| Reset() |
将设置类的成员重置为各自的默认值。Resets the members of the settings class to their default values. |
| ToString() |
返回表示当前对象的字符串。Returns a string that represents the current object. (继承自 Object) |
事件
| ValidationEventHandler |
在读取器遇到验证错误时发生。Occurs when the reader encounters validation errors. |