Diffstat (limited to 'src/DotNetOpenAuth.InfoCard/InfoCard/Token/Token.cs')
-rw-r--r--src/DotNetOpenAuth.InfoCard/InfoCard/Token/Token.cs6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/DotNetOpenAuth.InfoCard/InfoCard/Token/Token.cs b/src/DotNetOpenAuth.InfoCard/InfoCard/Token/Token.cs
index 5526bfd..0660ec7 100644
--- a/src/DotNetOpenAuth.InfoCard/InfoCard/Token/Token.cs
+++ b/src/DotNetOpenAuth.InfoCard/InfoCard/Token/Token.cs
@@ -51,7 +51,8 @@ namespace DotNetOpenAuth.InfoCard {
string decryptedString;
using (StringReader xmlReader = new StringReader(tokenXml)) {
- using (XmlReader tokenReader = XmlReader.Create(xmlReader)) {
+ var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings();
+ using (XmlReader tokenReader = XmlReader.Create(xmlReader, readerSettings)) {
Contract.Assume(tokenReader != null); // BCL contract should say XmlReader.Create result != null
if (IsEncrypted(tokenReader)) {
Logger.InfoCard.DebugFormat("Incoming SAML token, before decryption: {0}", tokenXml);
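Review bot: Neither added `readerSettings` line says why the default reader settings are no longer acceptable, and the helper that now carries all of the hardening is not visible in this diff. A one-line comment above the call here, and above the identical call in the second hunk (new line 210), would keep the intent from being undone later: `// tokenXml is supplied by the remote party; never parse it with default XmlReaderSettings.` It is also worth confirming in MessagingUtilities that the returned settings prohibit DTD processing and set no external resolver, since that is presumably what "untrusted" means here. The enclosing method starts and ends outside the hunk.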
@@ -206,7 +207,8 @@ namespace DotNetOpenAuth.InfoCard {
var stringReader = new StringReader(tokenXml);
XmlReader tokenReader;
try {
- tokenReader = XmlReader.Create(stringReader);
+ var readerSettings = MessagingUtilities.CreateUntrustedXmlReaderSettings();
+ tokenReader = XmlReader.Create(stringReader, readerSettings);
} catch {
stringReader.Dispose();
throw;
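Review bot: The same settings-then-create pair is now written out at both call sites this diff touches, so a later call site in Token.cs could fall back to `XmlReader.Create(reader)` with default settings and nothing would flag it. A small private helper would make the hardened path the only one in the class, for example `private static XmlReader CreateTokenReader(TextReader input) { return XmlReader.Create(input, MessagingUtilities.CreateUntrustedXmlReaderSettings()); }`, called from both places. The catch block and the rest of the method continue outside the hunk.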