We are using Xerces C++ DOMLSParser. I want to disable External Entities but could not find anything for DOMLSParser.
How to disable Loading External Entities to prevent XXE attacks?
Asked
Active
Viewed 854 times
1 Answers
0
xercesc::DOMImplementation* impl = xercesc::DOMImplementationRegistry::getDOMImplementation (u"LS");
xercesc::DOMLSParser* parser = impl->createLSParser(xercesc::DOMImplementationLS::MODE_SYNCHRONOUS, nullptr);
xercesc::DOMConfiguration* conf = parser->getDomConfig();
conf->setParameter(xercesc::XMLUni::fgDOMEntities, false);
Documentation: https://xerces.apache.org/xerces-c/program-dom-3.html (search for fgDOMEntities)
jay.sf
- 60,139
- 8
- 53
- 110
Arne Luenser
- 3
- 2