You are viewing a plain text version of this content. The canonical link for it is here.

Posted to c-dev@xerces.apache.org by Aniruddha Purkar <an...@gmail.com> on 2014/06/02 22:37:28 UTC

Xerces 2.1 cpp disable external entity dereferencing

hi, 

I am using Xerces 2.1 C++ SAXParser for parsing the xml input. 
Is there any way to disable external entity dereferencing to avoid XEE attack for this implementation. Upgrading to later version is not preferable.

I cant find setFeature or getFeature method provided with this SAXParser interface. 

Would writing a custom entityResolver and filtering expansion of all external entities, be a right way of achieving this?

Any pointer would be appreciated. 

Thanks,
Anirudh
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org