ProhibitDTD Property

  • Article

 

Specifies whether to prohibit (true) or allow (false) the inclusion of a DTD in the XML DOM document.

This property is supported in MSXML 3.0 and 6.0. The default value is false for 3.0. The default value is true for 6.0.

This property has security implications. For more information, see MSXML Security Overview and DOM Security.

Script Syntax

domObj.setProperty(strProp, vBool);  
vBool = domObj.getProperty(strProp);

Visual Basic Syntax

domObj.setProperty
(strProp, vBool)  
vBool = domObj.getProperty
(strProp)

C\C++ Syntax

HRESULT setProperty(BSTR strProp, VARIANT vBool);  
HRESULT getProperty(BSTR strProp, VARIANT* vBool);

Parameters

strProp
A BSTR string whose value is "ProhibitDTD".

vBool
A VARIANT_BOOL value of true or false.

Remarks

This property allows you to prohibit DTD use and can help prevent a denial of service attack in some situations. For example, an application might become unresponsive if a large number of entity references are included with the DTD and require resolution when the document XML is parsed and loaded.

Setting this property to true will prohibit DTDs and result in one of the following parser errors whenever a DTD is included:

  • "Invalid at the top level of the document" (XML_E_INVALIDATROOTLEVEL, 0xC00CE556), when using MSXML 3.0 (property "NewParser" = true/false).

  • "DTD is prohibited" (XML_E_DTD_PROHIBITED, 0xC00CE584), when using MSXML 6.0 (property "NewParser" = false).

  • "DTD is prohibited" (WC_E_DTD_PROHIBITED, 0xC00CEE4E) when using MSXML 6.0 (property "NewParser" = true)

When the DOM object is cloned, the value of this property is not propagated to the cloned object. You need to reset this property on the clone, if desired.

The following shows how this property is set in JScript:

dom.setProperty("ProhibitDTD", true);  //for JScript

For Visual Basic or VBScript, the following is the correct syntax:

dom.setProperty "ProhibitDTD", True 'for VB/VBScript

Versioning

This property is supported in MSXML 3.0 and 6.0. The default value is false for 3.0. The default value is true for 6.0.

Applies to

Interface: IXMLDOMDocument2

Methods: setProperty | getProperty