Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This feature determines whether the SAX reader will prohibit (true) or allow (false) the use of DTDs.
This property has security implications. For more information, see MSXML Security Overview and SAX2 Security.
JScript Syntax
oSaxReader.putFeature(strFeature, vBool);
vBool= oSaxReader.getFeature(strFeature);
Visual Basic Syntax
oSaxReader.putFeature
(strFeature, vBool)
vBool= oSaxReader.getFeature
(strFeature)
C/C++ Syntax
HRESULT putFeature(BSTR strFeature, VARIANT vBool);
HRESULT getFeature(BSTR strFeature, VARIANT* vBool);
Value
strFeature
A BSTR string whose value is "prohibit-dtd ".
vBool
A VARIANT_BOOL value of true or false that indicates the value of the feature. If this feature is set to true, the SAX reader prohibits the inclusion of a DTD. If false, the SAX reader will allow a DTD to be included. For MSXML 3.0, 4.0, and 5.0, the default is false. For MSXML 6.0, the default is true.
Remarks
This feature allows you to prohibit DTD use in SAX parsing. Prohibiting DTDs can help prevent a denial of service attack in some situations. For example, if a DTD is permitted, an application might hang when attempting to resolve a large number of entity references included with the DTD. Setting this feature to true avoids this potential problem. If a DTD is included when prohibit-dtd is true, SAX will return a parser error of "Invalid at the top level of the document" (XML_E_INVALIDATROOTLEVEL, 0xE52D).
When the SAX reader is actively parsing, this feature is read-only. When the SAX reader is not actively parsing, full (read/write) access is permitted.
Applies to
Interface: ISAXXMLReader
Method: putFeature | getFeature
Versioning
Implemented in: MSXML 3.0 and later