問題描述

嘗試在 C# 應(yīng)用程序中解析 XML 文檔時(shí)遇到此錯(cuò)誤:

I'm getting this error when trying to parse through an XML document in a C# application:

出于安全原因，此 XML 文檔中禁止使用 DTD.要啟用 DTD 處理，請(qǐng)將 XmlReaderSettings 上的 ProhibitDtd 屬性設(shè)置為 false，并將設(shè)置傳遞給 XmlReader.Create 方法."

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."

作為參考，異常發(fā)生在以下代碼的第二行:

For reference, the exception occurred at the second line of the following code:

using (XmlReader reader = XmlReader.Create(uri))
{
    reader.MoveToContent(); //here

    while (reader.Read()) //(code to parse xml doc follows).

我對(duì) Xml 的了解非常有限，我不知道 DTD 處理是什么，也不知道如何執(zhí)行錯(cuò)誤消息提示的操作.關(guān)于可能導(dǎo)致此問題的原因以及如何解決此問題的任何幫助?謝謝...

My knowledge of Xml is pretty limited and I have no idea what DTD processing is nor how to do what the error message suggests. Any help as to what may be causing this and how to fix it? thanks...

推薦答案

請(qǐng)注意，settings.ProhibitDtd 現(xiàn)在已經(jīng)過時(shí)，請(qǐng)改用 DtdProcessing:(Ignore、Parse 或 Prohibit 的新選項(xiàng))

Note that settings.ProhibitDtd is now obsolete, use DtdProcessing instead: (new options of Ignore, Parse, or Prohibit)

XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Parse;

如本文所述:十億笑 XML DoS 攻擊如何工作?

您應(yīng)該限制字符數(shù)以避免 DoS 攻擊:

you should add a limit to the number of characters to avoid DoS attacks:

XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Parse;
settings.MaxCharactersFromEntities = 1024;

這篇關(guān)于xml 文檔異常中禁止的 DTD的文章就介紹到這了，希望我們推薦的答案對(duì)大家有所幫助，也希望大家多多支持html5模板網(wǎng)！