Skip to content

Commit 4e38668

Browse files
Repo AssistCopilot
authored and
github-actions[bot]
committed
Set DtdProcessing.Parse explicitly as the default for XML parsing
DtdProcessing.Parse is the default on .NET Core and was the behavior before the XXE fix that was reverted (#1633). Making this explicit ensures the intended behavior is clear and documented in code. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent af8c740 commit 4e38668

1 file changed

Lines changed: 18 additions & 3 deletions

File tree

src/FSharp.Data.Xml.Core/XmlRuntime.fs

Lines changed: 18 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ namespace FSharp.Data.Runtime.BaseTypes
66

77
open System.ComponentModel
88
open System.IO
9+
open System.Xml
910
open System.Xml.Linq
1011

1112
#nowarn "10001"
@@ -56,7 +57,12 @@ type XmlElement =
5657
IsError = false)>]
5758
static member Create(reader: TextReader) =
5859
use reader = reader
59-
let element = XDocument.Load(reader, LoadOptions.PreserveWhitespace).Root
60+
61+
let settings =
62+
XmlReaderSettings(DtdProcessing = DtdProcessing.Parse)
63+
64+
use xmlReader = XmlReader.Create(reader, settings)
65+
let element = XDocument.Load(xmlReader, LoadOptions.PreserveWhitespace).Root
6066
{ XElement = element }
6167

6268
/// <exclude />
@@ -69,12 +75,21 @@ type XmlElement =
6975
use reader = reader
7076
let text = reader.ReadToEnd()
7177

78+
let settings =
79+
XmlReaderSettings(DtdProcessing = DtdProcessing.Parse)
80+
7281
try
73-
XDocument.Parse(text, LoadOptions.PreserveWhitespace).Root.Elements()
82+
use stringReader = new StringReader(text)
83+
use xmlReader = XmlReader.Create(stringReader, settings)
84+
85+
XDocument.Load(xmlReader, LoadOptions.PreserveWhitespace).Root.Elements()
7486
|> Seq.map (fun value -> { XElement = value })
7587
|> Seq.toArray
7688
with _ when text.TrimStart().StartsWith "<" ->
77-
XDocument.Parse("<root>" + text + "</root>", LoadOptions.PreserveWhitespace).Root.Elements()
89+
use stringReader = new StringReader("<root>" + text + "</root>")
90+
use xmlReader = XmlReader.Create(stringReader, settings)
91+
92+
XDocument.Load(xmlReader, LoadOptions.PreserveWhitespace).Root.Elements()
7893
|> Seq.map (fun value -> { XElement = value })
7994
|> Seq.toArray
8095

0 commit comments

Comments
 (0)