XmlTextReader.ProhibitDtd 属性

定义

注意

Use DtdProcessing property instead.

获取或设置一个值,该值指示是否允许 DTD 处理。Gets or sets a value indicating whether to allow DTD processing. 此属性已过时。This property is obsolete. 请改用 DtdProcessingUse DtdProcessing instead.

public:
 property bool ProhibitDtd { bool get(); void set(bool value); };
[System.Obsolete("Use DtdProcessing property instead.")]
public bool ProhibitDtd { get; set; }
public bool ProhibitDtd { get; set; }
[<System.Obsolete("Use DtdProcessing property instead.")>]
member this.ProhibitDtd : bool with get, set
member this.ProhibitDtd : bool with get, set
Public Property ProhibitDtd As Boolean

属性值

Boolean

如果不允许 DTD 处理,则为 true;否则为 falsetrue to disallow DTD processing; otherwise false. 默认值为 falseThe default is false.

属性

注解

备注

从 .NET Framework 2.0 开始,我们建议 XmlReader 使用方法创建实例 XmlReader.Create 以利用新功能。Starting with the .NET Framework 2.0, we recommend that you create XmlReader instances by using the XmlReader.Create method to take advantage of new functionality.

默认情况下,将启用 DTD 处理以便向后兼容。DTD processing is enabled by default for backwards compatibility. 但是,除非你的应用程序需要 DTD 处理,否则你应禁用此设置。However, unless your application requires DTD processing, you should disable this setting. 禁用 DTD 处理对避免受到某些拒绝服务攻击非常有用。Disabling DTD processing can be useful in preventing certain denial of service attacks. 如果设置为 true ,则读取器 XmlException 在遇到任何 DTD 内容时将引发。If set to true, the reader throws an XmlException when any DTD content is encountered.

如果已启用 DTD 处理,则需要注意包含来自不受信任源的 Dtd 以及可能的拒绝服务攻击。If you have DTD processing enabled, you need to be aware of including DTDs from untrusted sources and possible denial of service attacks. 使用 XmlSecureResolver 限制 XmlTextReader 可以访问的资源。Use the XmlSecureResolver to restrict the resources that the XmlTextReader can access. 还可以设计应用程序以使 XML 处理受内存和时间的约束。You can also design your application so that the XML processing is memory and time constrained. 例如,在 ASP.NET 应用程序中配置超时限制For example, configure time-out limits in your ASP.NET application

适用于

另请参阅