I am using XercesDOMParser to read an xml file in linux (c++), I want to prevent xml bomb (Billion laughs) so I set these properties:
parser->setDoNamespaces(true)
parser->setDisableDefaultEntityResolution(true)
parser->setEntityResolver(NULL)
parser->setSkipDTDValidation(true)
However, it doesn't help and bomb still remain. Do you know how to prevent it (I have to use xerces with DOM only)
10x!
Aucun commentaire:
Enregistrer un commentaire