Diffstat (limited to 'src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs')
-rw-r--r-- | src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
index e821953..2973c72 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs
@@ -356,6 +356,27 @@ namespace DotNetOpenAuth.Messaging {
 return realmUrl.Uri;
 }
 
+ /// Creates the XML reader settings to use for reading XML from untrusted sources.
+ /// </summary>
+ /// <returns>
+ /// The new instance of <see cref="XmlReaderSettings"/>.
+ /// </returns>
+ /// <remarks>
+ /// The default values set here are based on recommendations from
+ /// http://msdn.microsoft.com/en-us/magazine/ee335713.aspx
+ /// </remarks>
+ internal static XmlReaderSettings CreateUntrustedXmlReaderSettings() {
+ return new XmlReaderSettings {
+ MaxCharactersFromEntities = 1024,
+ XmlResolver = null,
+#if CLR4
+ DtdProcessing = DtdProcessing.Prohibit,
+#else
+ ProhibitDtd = true,
+#endif
+ };
+ }
+
 /// <summary>
 /// Clears any existing elements in a collection and fills the collection with a given set of values.
 /// </summary> |
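Review bot: The initializer in `CreateUntrustedXmlReaderSettings()` leaves `MaxCharactersInDocument` at its default of 0 (no limit), so a very large document from an untrusted peer is not bounded by this helper even though DTDs and external resolution are blocked. Unless the transport layer already caps the payload size, consider adding a `MaxCharactersInDocument = ...` entry with a project-chosen cap next to `MaxCharactersFromEntities = 1024,`. The hunk adds only the helper, so it protects nothing until readers are built with `XmlReader.Create(input, settings)` using its result; call sites are not visible here, and the `<remarks>` could say that callers must not load untrusted XML any other way. As rendered, the doc comment begins at `/// Creates the XML reader settings…` and closes with `/// </summary>` without an opening `/// <summary>` line; that may be an artifact of the page, but it is worth checking in the file.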