I am trying to convert an XML document to another by using XslCompiledTransform. But I am getting an exception with the following error message:
For security reasons DTD is prohibited in this XML document. To enable DTD processing set the DtdProcessing property on XmlReaderSettings to Parse and pass the settings into XmlReader.Create method.
I already set the DtdProcessing property on XmlReaderSettings to Parse.
However, I am still encountering the same exception with the same error message.
My sample code:
XslCompiledTransform xslt = new XslCompiledTransform(false);
XmlReaderSettings xmlReaderSettings = new XmlReaderSettings() { DtdProcessing = DtdProcessing.Parse, ValidationType = ValidationType.DTD };
xmlReaderSettings.DtdProcessing = DtdProcessing.Parse;
xmlReaderSettings.ValidationType = ValidationType.DTD;
xmlReaderSettings.ValidationEventHandler += new ValidationEventHandler(ValidationCallBack);
using (XmlReader xsltReader = XmlReader.Create(_tesseractSettings.GetXSLTFilePath(), xmlReaderSettings))
{
xslt.Load(_tesseractSettings.GetXSLTFilePath());
xslt.Transform(inputFile, outputFile);
}
ValidationCallBack:
private static void ValidationCallBack(object sender, ValidationEventArgs e)
{
File.WriteAllText(someTxtFilePath, e.Message);
}
If it is relevant here is the document type declarations.
Input XML:
<!DOCTYPE html PUBLIC "/W3C/DTD XHTML 1.0 Transitional/EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
XSLT file:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:htm="http://www.w3.org/1999/xhtml" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema" exclude-result-prefixes="xs" version="2.0" xpath-default-namespace="http://www.w3.org/1999/xhtml">
<xsl:output method="xml" omit-xml-declaration="yes"/>
I have also tried setting DtdProcessing to DtdProcessing.Ignore and the same exception occurs. I have also tried removing the Document Type declaration element before the transformation. When I do this I no longer get the exception, however the transformation doesn't give me the output I expect. I know the issue isn't with the xslt file because the transformation still works on Oxygen or any online tester.
I have been researching the internet but with no avail.
Any help would be appreciated thank you.
DTD which stands for
Document Type Definition.The purpose of a DTD is to define the structure and the legal elements and attributes of an XML document. However it is occasionally exploited by hackers to perform something known as XXE (XML External Entity) attacks.So Microsoft basically provides three options for Dtd Processing to avoid such attacks:
Inline is an example from microsoft docs:
Prohibit: Also the default value of DtdProcessing. Throws an exception when xml reader encounters any DTD content in xml file.
Ignore: It simply instructs the xml reader to ignore any dtd content inside of xml file and process it. As a result the output is ripped of any dtd content if present. Thus results in loss of data.