問題描述

嘗試在 C# 應用程序中解析 XML 文檔時遇到此錯誤:

I'm getting this error when trying to parse through an XML document in a C# application:

出于安全原因，此 XML 文檔中禁止使用 DTD.要啟用 DTD 處理，請將 XmlReaderSettings 上的 ProhibitDtd 屬性設置為 false，并將設置傳遞給 XmlReader.Create 方法."

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."

作為參考，異常發生在以下代碼的第二行:

For reference, the exception occurred at the second line of the following code:

using (XmlReader reader = XmlReader.Create(uri))
{
    reader.MoveToContent(); //here

    while (reader.Read()) //(code to parse xml doc follows).

我對 Xml 的了解非常有限，我不知道 DTD 處理是什么，也不知道如何執行錯誤消息提示的操作.關于可能導致此問題的原因以及如何解決此問題的任何幫助?謝謝...

My knowledge of Xml is pretty limited and I have no idea what DTD processing is nor how to do what the error message suggests. Any help as to what may be causing this and how to fix it? thanks...

推薦答案

請注意，settings.ProhibitDtd 現在已經過時，請改用 DtdProcessing:(Ignore、Parse 或 Prohibit 的新選項)

Note that settings.ProhibitDtd is now obsolete, use DtdProcessing instead: (new options of Ignore, Parse, or Prohibit)

XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Parse;

如本文所述:十億笑 XML DoS 攻擊如何工作?

您應該限制字符數以避免 DoS 攻擊:

you should add a limit to the number of characters to avoid DoS attacks:

XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Parse;
settings.MaxCharactersFromEntities = 1024;

這篇關于xml 文檔異常中禁止的 DTD的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！