On Tue, Mar 05, 2013 at 11:31:44AM -0400, Breno Silva wrote: > Hello, > > I'm parsing XML data using simple API : > > xmlCreatePushParserCtxt(NULL, NULL, buf, size, "file.xml"); > xmlParseChunk(ctx, buf, size, 0); > > I would like to get some direction of how can i disable external entities > to be processed like: > > <?xml version="1.0" encoding="UTF-8"?> > <!DOCTYPE bar [ > <!ENTITY % external SYSTEM "http://externalhost/ext.xml";> > %external; > %a; > %b; > ]> > > Thanks > > Breno
That should be the default but it seems libxml2 still does it without asking to load entities or DTD when referencing a parameter entity in the internal subset, annoying. I suggest you add the XML_PARSE_NONET option when creating the parser as a first measure. It will still check in the /etc/xml/catalog to find if there is a local resource in the catalog for the referenced URI but it will not open an outside connection. Daniel -- Daniel Veillard | Open Source and Standards, Red Hat [email protected] | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/ _______________________________________________ xml mailing list, project page http://xmlsoft.org/ [email protected] https://mail.gnome.org/mailman/listinfo/xml
