3

I'm using the MathML DTD for parsing MathML using System.Xml.Linq. While the ordinary MathML stuff gets recognized fine, the MMLEXTRA include in the DTD gets ignored and I get errors. Here's the code I'm using:

  if (!string.IsNullOrWhiteSpace(mathML))
  {
    try
    {
      const string preamble =
          "<!DOCTYPE mml:math PUBLIC \"-//W3C//DTD MathML 2.0//EN\"\n" +
          "\"http://www.w3.org/Math/DTD/mathml2/mathml2.dtd\" [\n" +
          "<!ENTITY % MATHML.prefixed \"INCLUDE\">\n" +
          "<!ENTITY % MATHML.prefix \"mml\"> \n" +
          "]>";
      var parsed = Parser.Parse(preamble + Environment.NewLine + mathML);
      textEditor.Text = printed;
      lblStatus.Caption = "MathML successfully translated.";
    } 
    catch (Exception e)
    {
      lblStatus.Caption = "Cannot translate text. " + e.Message;
    }
  }

The parser simply does XDocument.Load(). Any help appreciated!

phuclv
Dmitri Nesteruk
  • @Kirk `Parser` is just a component that basically does `XDocument.Load`. The assumption is that this call would directly resolve all the MathML references, but it does not. – Dmitri Nesteruk Aug 22 '11 at 08:36

1 Answer

6

From here

Entities in DTDs are inherently not secure. It is possible for a malicious XML document that contains a DTD to cause the parser to use all memory and CPU time, causing a denial of service attack. Therefore, in LINQ to XML, DTD processing is turned off by default. You should not accept DTDs from untrusted sources.

However, to enable it you should use the XDocumentType class.

A couple of possible solutions:

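// Requires: using System.Xml; using System.Xml.Linq;
// Allow the reader to process the DTD (prohibited by default).
// ProhibitDtd is obsolete from .NET 4.0 on; the equivalent there is
// settings.DtdProcessing = DtdProcessing.Parse.
XmlReaderSettings settings = new XmlReaderSettings();
settings.ProhibitDtd = false;

XmlReader reader = XmlReader.Create(Server.MapPath("filename"), settings);

// Build the LINQ to XML tree from the DTD-aware reader.
XDocument doc = XDocument.Load(reader);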

Or maybe:

 XDocument xDocument = new XDocument(new XDocumentType("Books",null,"Books.dtd", null),new XElement("Book"));

All information is from that same source

Richard
  • Awesome! That totally does it for me. Phew! 50 rep points spent, but my product is safe :) Thanks! – Dmitri Nesteruk Aug 23 '11 at 13:31
  • The quoted answer contradicts the current MS documentation, that states “When a document contains entity references that are defined in a DTD, the references are expanded upon creation of the XML tree” : https://learn.microsoft.com/en-us/dotnet/api/system.xml.linq.xdocumenttype?redirectedfrom=MSDN&view=netcore-3.1 Maybe there was a design change decision some time in these 9 years. – interDist Jun 09 '20 at 11:16
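
An added example, not part of the thread or of the quoted documentation: one way to turn DTD processing on for the MathML case while bounding the denial-of-service risk the quoted passage describes. The names `MathMlDtdResolver` and `SafeMathMl`, the local directory holding a downloaded copy of the MathML 2.0 DTD, and the numeric limits are assumptions.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Linq;

// Hypothetical resolver: serves only the W3C MathML 2.0 DTD and its modules,
// from a local copy. Any other external entity (other hosts, file://) is refused.
sealed class MathMlDtdResolver : XmlUrlResolver
{
    private const string Prefix = "http://www.w3.org/Math/DTD/mathml2/";
    private readonly string _localDir; // assumption: DTD files were downloaded here

    public MathMlDtdResolver(string localDir)
    {
        _localDir = Path.GetFullPath(localDir);
    }

    public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn)
    {
        string uri = absoluteUri.AbsoluteUri;
        if (!uri.StartsWith(Prefix, StringComparison.Ordinal))
            throw new XmlException("External entity not allowed: " + uri);

        // Map the URI onto the local directory and reject anything that escapes it.
        string path = Path.GetFullPath(Path.Combine(_localDir, uri.Substring(Prefix.Length)));
        if (!path.StartsWith(_localDir + Path.DirectorySeparatorChar, StringComparison.Ordinal))
            throw new XmlException("External entity not allowed: " + uri);
        return File.OpenRead(path);
    }
}

static class SafeMathMl
{
    // xmlWithDoctype: the DOCTYPE preamble from the question followed by the MathML.
    public static XDocument Load(string xmlWithDoctype, string dtdDir)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Parse,         // DTD processing on
            XmlResolver = new MathMlDtdResolver(dtdDir), // no network or arbitrary file access
            MaxCharactersFromEntities = 10000000,        // illustrative cap on entity expansion
            MaxCharactersInDocument = 50000000           // illustrative cap on input size
        };
        using (var reader = XmlReader.Create(new StringReader(xmlWithDoctype), settings))
            return XDocument.Load(reader);
    }
}
```

If the legitimate DTD trips a limit, raise that limit rather than setting it to 0, which means unlimited.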