XmlReaderSettings 類別
定義
public ref class XmlReaderSettings sealedpublic sealed class XmlReaderSettingstype XmlReaderSettings = classPublic NotInheritable Class XmlReaderSettings- 繼承
-
XmlReaderSettings
範例
下列範例 XmlReader 會建立使用 XmlUrlResolver 具有必要認證的。The following example creates an XmlReader that uses an XmlUrlResolver with the necessary credentials.
// Create an XmlUrlResolver with the credentials necessary to access the Web server.
var resolver = new XmlUrlResolver();
var myCred = new NetworkCredential(UserName, SecurelyStoredPassword, Domain);
resolver.Credentials = myCred;
var settings = new XmlReaderSettings();
settings.XmlResolver = resolver;
// Create the reader.
XmlReader reader = XmlReader.Create("http://serverName/data/books.xml", settings);
' Create an XmlUrlResolver with the credentials necessary to access the Web server.
Dim resolver As New XmlUrlResolver()
Dim myCred As System.Net.NetworkCredential
myCred = New System.Net.NetworkCredential(UserName, SecurelyStoredPassword, Domain)
resolver.Credentials = myCred
Dim settings As New XmlReaderSettings()
settings.XmlResolver = resolver
' Create the reader.
Dim reader As XmlReader = XmlReader.Create("http://serverName/data/books.xml", settings)
備註
您可以使用 Create 方法來取得 XmlReader 實例。You use the Create method to obtain XmlReader instances. 這個方法會使用 XmlReaderSettings 類別來指定要在其所建立的物件中執行的功能 XmlReader 。This method uses the XmlReaderSettings class to specify which features to implement in the XmlReader object it creates.
請參閱和參考頁面的備註區段, XmlReader Create 以取得要用於一致性檢查、驗證和其他常見案例的設定資訊。See the Remarks sections of the XmlReader and Create reference pages for information about which settings to use for conformance checks, validation, and other common scenarios. 如需預設設定的清單,請參閱此函式 XmlReaderSettings() 。See the XmlReaderSettings() constructor for a list of default settings.
安全性考量Security considerations
使用類別時,請考慮下列事項 XmlReaderSettings 。Consider the following when using the XmlReaderSettings class.
依預設,不會設定 ProcessInlineSchema 物件的 ProcessSchemaLocation 及 XmlReaderSettings 驗證旗標。The ProcessInlineSchema and ProcessSchemaLocation validation flags of an XmlReaderSettings object are not set by default. 當設定這些旗標時,XmlResolver 物件的 XmlReaderSettings 可用於解析在 XmlReader 的執行個體文件中發現的結構描述位置。When these flags are set, the XmlResolver of the XmlReaderSettings object is used to resolve schema locations encountered in the instance document in the XmlReader. 如果 XmlResolver 物件是
null,即使已 ProcessInlineSchema ProcessSchemaLocation 設定和驗證旗標,也不會解析架構位置。If the XmlResolver object isnull, schema locations are not resolved even if the ProcessInlineSchema and ProcessSchemaLocation validation flags are set.驗證期間加入的結構描述會加入新型別,並可變更要驗證之物件的驗證結果。Schemas added during validation add new types and can change the validation outcome of the document being validated. 因此,外部結構描述應僅從受信任的來源解析。As a result, external schemas should only be resolved from trusted sources.
驗證錯誤訊息可能會公開機密內容模型資訊。Validation error messages may expose sensitive content model information. 驗證錯誤和警告訊息是使用委派處理的 ValidationEventHandler ,或是公開為, XmlSchemaValidationException 如果沒有提供物件的事件處理常式 XmlReaderSettings (驗證警告不會導致) XmlSchemaValidationException 擲回。Validation error and warning messages are handled using the ValidationEventHandler delegate, or are exposed as an XmlSchemaValidationException if no event handler is provided to the XmlReaderSettings object (validation warnings do not cause an XmlSchemaValidationException to be thrown). 此內容模型資訊不應該在未受信任的情況下公開。This content model information should not be exposed in untrusted scenarios. 預設會隱藏驗證警告訊息,並且可以藉由設定旗標來回報 ReportValidationWarnings 。Validation warning messages are suppressed by default and can be reported by setting the ReportValidationWarnings flag.
的 SourceUri 屬性會傳回 XmlSchemaValidationException 造成例外狀況之架構檔案的 URI 路徑。The SourceUri property of an XmlSchemaValidationException returns the URI path to the schema file that caused the exception. 在 SourceUri 不受信任的情況下,不應該公開屬性。The SourceUri property should not be exposed in untrusted scenarios.
ProcessIdentityConstraints當您在高可用性案例中驗證、不受信任的大型 XML 檔時,建議您停用預設啟用的旗標 () ,並對檔的大型部分具有身分識別條件約束的架構進行驗證。Disabling the ProcessIdentityConstraints flag (enabled by default) is recommended when validating, untrusted, large XML documents in high availability scenarios against a schema with identity constraints over a large part of the document.
XmlReaderSettings 物件可以包含機密資訊 (如使用者認證)。XmlReaderSettings objects can contain sensitive information such as user credentials. 快取 XmlReaderSettings 物件,或將 XmlReaderSettings 物件從一個元件傳遞至另一元件時,請務必小心。You should be careful when caching XmlReaderSettings objects, or when passing the XmlReaderSettings object from one component to another.
DTD 處理預設會停用。DTD processing is disabled by default. 如果您啟用 DTD 處理,您必須注意包括來自不受信任來源的 Dtd,以及可能的阻斷服務攻擊。If you enable DTD processing, you need to be aware of including DTDs from untrusted sources and possible denial of service attacks. 使用 XmlSecureResolver 來限制 XmlReader 可存取的資源。Use the XmlSecureResolver to restrict the resources that the XmlReader can access.
請不要接受來自不受信任來源的支援元件,如 NameTable、XmlNamespaceManager 及 XmlResolver 物件。Do not accept supporting components, such as NameTable, XmlNamespaceManager, and XmlResolver objects, from an untrusted source.
使用 XmlReader 之應用程式的記憶體使用量可能與剖析的 XML 文件大小相互關聯。Memory usage of an application that uses XmlReader may have a correlation to the size of the parsed XML document. 一種形式的阻絕服務攻擊發生於送出過多的 XML 文件進行剖析時。One form of denial of service attack is when excessively large XML documents are submitted to be parsed. 您可以藉由設定屬性來限制可剖析的檔案大小 MaxCharactersInDocument ,然後藉由設定屬性來限制擴充實體所產生的字元數 MaxCharactersFromEntities 。You can limit the size of the document that can be parsed by setting the MaxCharactersInDocument property and then limit the number of characters that result from expanding entities by setting the MaxCharactersFromEntities property.
建構函式
| XmlReaderSettings() |
初始化 XmlReaderSettings 類別的新執行個體。Initializes a new instance of the XmlReaderSettings class. |
| XmlReaderSettings(XmlResolver) |
已過時。
初始化 XmlReaderSettings 類別的新執行個體。Initializes a new instance of the XmlReaderSettings class. |
屬性
| Async |
取得或設定非同步 XmlReader 方法是否可以用於特定 XmlReader 執行個體。Gets or sets whether asynchronous XmlReader methods can be used on a particular XmlReader instance. |
| CheckCharacters |
取得或設定值,綁表示是否要執行字元檢查。Gets or sets a value indicating whether to do character checking. |
| CloseInput |
取得或設定值,指出是否應該在關閉讀取器時關閉基礎資料流或 TextReader。Gets or sets a value indicating whether the underlying stream or TextReader should be closed when the reader is closed. |
| ConformanceLevel |
取得或設定 XmlReader 要遵循的一致性層級。Gets or sets the level of conformance which the XmlReader will comply. |
| DtdProcessing |
取得或設定決定 DTD 處理的值。Gets or sets a value that determines the processing of DTDs. |
| IgnoreComments |
取得或設定值,指出是否忽略註解。Gets or sets a value indicating whether to ignore comments. |
| IgnoreProcessingInstructions |
取得或設定值,指出是否忽略處理指示。Gets or sets a value indicating whether to ignore processing instructions. |
| IgnoreWhitespace |
取得或設定值,指出是否忽略不重要的空白字元。Gets or sets a value indicating whether to ignore insignificant white space. |
| LineNumberOffset |
取得或設定 XmlReader 物件的行號位移。Gets or sets line number offset of the XmlReader object. |
| LinePositionOffset |
取得或設定 XmlReader 物件的行位置位移。Gets or sets line position offset of the XmlReader object. |
| MaxCharactersFromEntities |
取得或設定值,指出文件中產生自展開實體的最大可允許字元數。Gets or sets a value indicating the maximum allowable number of characters in a document that result from expanding entities. |
| MaxCharactersInDocument |
取得或設定值,指出 XML 文件中最大可允許字元數。Gets or sets a value indicating the maximum allowable number of characters in an XML document. 零 (0) 的值表示對 XML 文件大小沒有限制。A zero (0) value means no limits on the size of the XML document. 非零值指定大小上限,以字元為單位。A non-zero value specifies the maximum size, in characters. |
| NameTable |
取得或設定用來比較已擷取字串的 XmlNameTable。Gets or sets the XmlNameTable used for atomized string comparisons. |
| ProhibitDtd |
已過時。
取得或設定值,表示是否禁止物件類型定義 (DTD) 處理。Gets or sets a value indicating whether to prohibit document type definition (DTD) processing. 這個屬性已經過時。This property is obsolete. 請改用 DtdProcessing。Use DtdProcessing instead. |
| Schemas |
取得或設定要在執行結構描述驗證時使用的 XmlSchemaSet。Gets or sets the XmlSchemaSet to use when performing schema validation. |
| ValidationFlags |
取得或設定值,表示結構描述驗證設定。Gets or sets a value indicating the schema validation settings. 這個設定會套用至可驗證結構描述的 XmlReader 物件 (ValidationType 屬性設為 |
| ValidationType |
取得或設定值,指出 XmlReader 是否會在讀取時執行驗證或類型指派。Gets or sets a value indicating whether the XmlReader will perform validation or type assignment when reading. |
| XmlResolver |
設定用來存取外部文件的 XmlResolver。Sets the XmlResolver used to access external documents. |
方法
| Clone() |
建立 XmlReaderSettings 執行個體的複本。Creates a copy of the XmlReaderSettings instance. |
| Equals(Object) |
判斷指定的物件是否等於目前的物件。Determines whether the specified object is equal to the current object. (繼承來源 Object) |
| GetHashCode() |
做為預設雜湊函式。Serves as the default hash function. (繼承來源 Object) |
| GetType() |
取得目前執行個體的 Type。Gets the Type of the current instance. (繼承來源 Object) |
| MemberwiseClone() |
建立目前 Object 的淺層複製。Creates a shallow copy of the current Object. (繼承來源 Object) |
| Reset() |
將設定類別的成員重設為其預設值。Resets the members of the settings class to their default values. |
| ToString() |
傳回代表目前物件的字串。Returns a string that represents the current object. (繼承來源 Object) |
事件
| ValidationEventHandler |
發生於讀取器遇到驗證錯誤時。Occurs when the reader encounters validation errors. |