Validate DTD and XXE in XML using libxml2 in Objective-C

<?xml version="1.0" ?>
<!DOCTYPE list [
<!ELEMENT list (bsinfo+)>
<!ELEMENT bsinfo (id,title,desc,books)>
]>

<list>
<bsinfo>

In my project I want to validate whether the XML contains a DTD or not. Currently I am using the Libxml parser to parse the XML.

In LibXML, how can I check whether the XML contains a DTD?

While sending the request XML to the server, how can I prevent an XXE attack?

There are 1 best solutions below

When you say "i want to validate whether the XML contains DTD" do you mean (a) "I want to use the DTD present in the document, if there is one, otherwise I want to use the DTD in myfine.dtd"? or (b) "Regardless of what is present in the XML instance, I want to validate against onetrue.dtd"?

In case (a), one way to test for a document type declaration is to load the document and apply an appropriate regular expression looking for the string '

In case (b) you don't need to check whether the XML contains a reference to a DTD; you just tell libxml to validate against onetrue.dtd, using the C API's equivalent of the xmllint --dtdvalid option. And you protect against unacceptable external or internal entities by not having entity declarations in the DTD for unacceptable entities.

Both of these answers assume that when you ask "While sending request XML to server how can i prevent XXE attack" you are seeking to protect the server, not the requestor, against an XXE attack. I don't know how to protect the requestor, since I don't understand how entity processing can be used to attack a requestor.
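The string test described for case (a), written as a pre-parse check in plain C. This is an added example, not code from the question or the answer. It looks only at the prolog, so a `<!DOCTYPE` inside a comment or CDATA section is not mistaken for a declaration, and it refuses input it cannot read byte-wise (for example UTF-16) instead of reporting it as DTD-free. The function and constant names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Result codes; all names in this block are the example's own. */
enum { DTD_NONE = 0, DTD_PRESENT = 1, DTD_REJECT = -1 };

/* True if the n bytes at p begin with the literal s. */
static int starts(const char *p, size_t n, const char *s) {
    size_t k = strlen(s);
    return n >= k && memcmp(p, s, k) == 0;
}

/* Move *i just past the next occurrence of end; 0 if there is none. */
static int skip_past(const char *b, size_t len, size_t *i, const char *end) {
    size_t k = strlen(end);
    for (; *i + k <= len; (*i)++)
        if (memcmp(b + *i, end, k) == 0) { *i += k; return 1; }
    return 0;
}

/* Scan the prolog (everything before the root element) of a UTF-8 document. */
int xml_prolog_doctype(const char *b, size_t len) {
    size_t i = 0;
    /* A byte scan cannot read UTF-16/UTF-32: refuse input with NUL bytes. */
    if (memchr(b, 0, len) != NULL) return DTD_REJECT;
    if (starts(b, len, "\xEF\xBB\xBF")) i = 3;            /* UTF-8 BOM */
    while (i < len) {
        const char *p = b + i;
        size_t rest = len - i;
        if (strchr(" \t\r\n", *p)) { i++; continue; }     /* whitespace */
        if (starts(p, rest, "<!--")) {                    /* comment */
            i += 4;
            if (!skip_past(b, len, &i, "-->")) return DTD_REJECT;
        } else if (starts(p, rest, "<?")) {               /* XML decl or PI */
            i += 2;
            if (!skip_past(b, len, &i, "?>")) return DTD_REJECT;
        } else if (starts(p, rest, "<!DOCTYPE")) {
            return DTD_PRESENT;
        } else {  /* root element start tag, or stray text/markup */
            return (*p == '<' && rest > 1 && p[1] != '!') ? DTD_NONE : DTD_REJECT;
        }
    }
    return DTD_REJECT;                                    /* no root element */
}

int main(void) {
    const char doc[] = "<?xml version=\"1.0\" ?>\n<!DOCTYPE list [\n]>\n<list/>"; /* constructed */
    printf("%d\n", xml_prolog_doctype(doc, sizeof doc - 1));
}
```

With libxml2 itself, `xmlGetIntSubset(doc)` returns non-NULL after parsing when the document carried a DOCTYPE. Reading with `xmlReadMemory` and leaving out `XML_PARSE_NOENT` and `XML_PARSE_DTDLOAD` keeps entity substitution and external DTD loading switched off.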