authorAndrew Arnott <andrewarnott@gmail.com>2012-09-29 16:31:11 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2012-09-29 16:31:11 -0700
commit951ff6271a3a064bfc6f7809222fe13bef72426d (patch)
tree67c41418622a9979cdbc1c3b65e401959015419f /src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
parent90cbeeca143a9485d354d66632d3f75c593974e6 (diff)
parent5ceb75f6632a70c564b4556500b9c3e5a98bfa73 (diff)
Merge branch 'v4.0' into v4.1
Diffstat (limited to 'src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs')
-rw-r--r--src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
index e821953..2973c72 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
@@ -356,6 +356,27 @@ namespace DotNetOpenAuth.Messaging {
return realmUrl.Uri;
}
+ /// Creates the XML reader settings to use for reading XML from untrusted sources.
+ /// </summary>
+ /// <returns>
+ /// The new instance of <see cref="XmlReaderSettings"/>.
+ /// </returns>
+ /// <remarks>
+ /// The default values set here are based on recommendations from
+ /// http://msdn.microsoft.com/en-us/magazine/ee335713.aspx
+ /// </remarks>
+ internal static XmlReaderSettings CreateUntrustedXmlReaderSettings() {
+ return new XmlReaderSettings {
+ MaxCharactersFromEntities = 1024,
+ XmlResolver = null,
+#if CLR4
+ DtdProcessing = DtdProcessing.Prohibit,
+#else
+ ProhibitDtd = true,
+#endif
+ };
+ }
+
/// <summary>
/// Clears any existing elements in a collection and fills the collection with a given set of values.
/// </summary>
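Review bot: The object initializer in `CreateUntrustedXmlReaderSettings` leaves `MaxCharactersInDocument` at its default of 0 (no limit), so the settings block DTDs and external resolution but put no bound on the size of the untrusted document itself. If callers do not already cap the input stream, consider adding `MaxCharactersInDocument = MaxUntrustedXmlCharacters,` (placeholder constant name, value to be sized to the largest legitimate message), or state in `<remarks>` that length limiting is the caller's responsibility. With DTDs prohibited, `MaxCharactersFromEntities = 1024` only acts as a second line of defence, which deserves a short comment such as `// defence in depth: only reachable if DTD processing is ever re-enabled`. As rendered here, the added doc comment has a closing `/// </summary>` but no opening `/// <summary>` among the added lines; worth confirming in the file, since the XML doc would otherwise be malformed.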