XmlReaderSettings Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
public ref class XmlReaderSettings sealed
public sealed class XmlReaderSettings
type XmlReaderSettings = class
Public NotInheritable Class XmlReaderSettings
- Inheritance
-
XmlReaderSettings
Examples
The following example creates an XmlReader that uses an XmlUrlResolver with the necessary credentials.
// Create an XmlUrlResolver with the credentials necessary to access the Web server.
var resolver = new XmlUrlResolver();
var myCred = new NetworkCredential(UserName, SecurelyStoredPassword, Domain);
resolver.Credentials = myCred;
var settings = new XmlReaderSettings();
settings.XmlResolver = resolver;
// Create the reader.
XmlReader reader = XmlReader.Create("http://serverName/data/books.xml", settings);
' Create an XmlUrlResolver with the credentials necessary to access the Web server.
Dim resolver As New XmlUrlResolver()
Dim myCred As System.Net.NetworkCredential
myCred = New System.Net.NetworkCredential(UserName, SecurelyStoredPassword, Domain)
resolver.Credentials = myCred
Dim settings As New XmlReaderSettings()
settings.XmlResolver = resolver
' Create the reader.
Dim reader As XmlReader = XmlReader.Create("http://serverName/data/books.xml", settings)
Remarks
You use the Create method to obtain XmlReader instances. This method uses the XmlReaderSettings class to specify which features to implement in the XmlReader object it creates.
See the Remarks sections of the XmlReader and Create reference pages for information about which settings to use for conformance checks, validation, and other common scenarios. See the XmlReaderSettings() constructor for a list of default settings.
Security considerations
Consider the following when using the XmlReaderSettings class.
The ProcessInlineSchema and ProcessSchemaLocation validation flags of an XmlReaderSettings object are not set by default. When these flags are set, the XmlResolver of the XmlReaderSettings object is used to resolve schema locations encountered in the instance document in the XmlReader. If the XmlResolver object is
null
, schema locations are not resolved even if the ProcessInlineSchema and ProcessSchemaLocation validation flags are set.Schemas added during validation add new types and can change the validation outcome of the document being validated. As a result, external schemas should only be resolved from trusted sources.
Validation error messages may expose sensitive content model information. Validation error and warning messages are handled using the ValidationEventHandler delegate, or are exposed as an XmlSchemaValidationException if no event handler is provided to the XmlReaderSettings object (validation warnings do not cause an XmlSchemaValidationException to be thrown). This content model information should not be exposed in untrusted scenarios. Validation warning messages are suppressed by default and can be reported by setting the ReportValidationWarnings flag.
The SourceUri property of an XmlSchemaValidationException returns the URI path to the schema file that caused the exception. The SourceUri property should not be exposed in untrusted scenarios.
Disabling the ProcessIdentityConstraints flag (enabled by default) is recommended when validating, untrusted, large XML documents in high availability scenarios against a schema with identity constraints over a large part of the document.
XmlReaderSettings objects can contain sensitive information such as user credentials. You should be careful when caching XmlReaderSettings objects, or when passing the XmlReaderSettings object from one component to another.
DTD processing is disabled by default. If you enable DTD processing, you need to be aware of including DTDs from untrusted sources and possible denial of service attacks. Use the XmlSecureResolver to restrict the resources that the XmlReader can access.
Do not accept supporting components, such as NameTable, XmlNamespaceManager, and XmlResolver objects, from an untrusted source.
Memory usage of an application that uses XmlReader may have a correlation to the size of the parsed XML document. One form of denial of service attack is when excessively large XML documents are submitted to be parsed. You can limit the size of the document that can be parsed by setting the MaxCharactersInDocument property and then limit the number of characters that result from expanding entities by setting the MaxCharactersFromEntities property.
Constructors
XmlReaderSettings() |
Initializes a new instance of the XmlReaderSettings class. |
XmlReaderSettings(XmlResolver) |
Obsolete.
Initializes a new instance of the XmlReaderSettings class. |
Properties
Async |
Gets or sets whether asynchronous XmlReader methods can be used on a particular XmlReader instance. |
CheckCharacters |
Gets or sets a value indicating whether to do character checking. |
CloseInput |
Gets or sets a value indicating whether the underlying stream or TextReader should be closed when the reader is closed. |
ConformanceLevel |
Gets or sets the level of conformance which the XmlReader will comply. |
DtdProcessing |
Gets or sets a value that determines the processing of DTDs. |
IgnoreComments |
Gets or sets a value indicating whether to ignore comments. |
IgnoreProcessingInstructions |
Gets or sets a value indicating whether to ignore processing instructions. |
IgnoreWhitespace |
Gets or sets a value indicating whether to ignore insignificant white space. |
LineNumberOffset |
Gets or sets line number offset of the XmlReader object. |
LinePositionOffset |
Gets or sets line position offset of the XmlReader object. |
MaxCharactersFromEntities |
Gets or sets a value indicating the maximum allowable number of characters in a document that result from expanding entities. |
MaxCharactersInDocument |
Gets or sets a value indicating the maximum allowable number of characters in an XML document. A zero (0) value means no limits on the size of the XML document. A non-zero value specifies the maximum size, in characters. |
NameTable |
Gets or sets the XmlNameTable used for atomized string comparisons. |
ProhibitDtd |
Obsolete.
Obsolete.
Gets or sets a value indicating whether to prohibit document type definition (DTD) processing. This property is obsolete. Use DtdProcessing instead. |
Schemas |
Gets or sets the XmlSchemaSet to use when performing schema validation. |
ValidationFlags |
Gets or sets a value indicating the schema validation settings. This setting applies to XmlReader objects that validate schemas (ValidationType property set to |
ValidationType |
Gets or sets a value indicating whether the XmlReader will perform validation or type assignment when reading. |
XmlResolver |
Sets the XmlResolver used to access external documents. |
Methods
Clone() |
Creates a copy of the XmlReaderSettings instance. |
Equals(Object) |
Determines whether the specified object is equal to the current object. (Inherited from Object) |
GetHashCode() |
Serves as the default hash function. (Inherited from Object) |
GetType() |
Gets the Type of the current instance. (Inherited from Object) |
MemberwiseClone() |
Creates a shallow copy of the current Object. (Inherited from Object) |
Reset() |
Resets the members of the settings class to their default values. |
ToString() |
Returns a string that represents the current object. (Inherited from Object) |
Events
ValidationEventHandler |
Occurs when the reader encounters validation errors. |