1

We read our XML template files using System.Xml.XmlTextReader. If there is XXE in the XML file we're reading, will that XXE be processed?

If so, major security problem. Can it be turned off?

thanks - dave

David Thielen
  • 22,779
  • 27
  • 83
  • 163
  • 1
    This may help (https://stackoverflow.com/questions/32203024/how-to-configure-the-xml-parser-to-disable-external-entity-resolution-in-c-sharp) – Ryan Wilson Aug 15 '18 at 14:56
  • 1
    Covered extensively [by owasp](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#.NET). – Hans Passant Aug 15 '18 at 14:57

0 Answers0