Add comment

Author: aibaars

ql/lib/codeql/ruby/frameworks/XmlParsing.qll

@@ -25,14 +25,19 @@ private class NokogiriXmlParserCall extends XmlParserCall::Range, DataFlow::Call
     this.getArgument(3) =
       [trackEnableFeature(TNOENT()), trackEnableFeature(TDTDLOAD()), trackDisableFeature(TNONET())]
     or
+    // calls to methods that enable/disable features in a block argument passed to this parser call.
+    // For example:
+    // ```ruby
+    // doc.parse(...) { |options| options.nononet; options.noent }
+    // ```
     this.asExpr()
         .getExpr()
         .(MethodCall)
         .getBlock()
         .getAStmt()
         .getAChild*()
         .(MethodCall)
-        .getMethodName() = ["noent", "nononet"]
+        .getMethodName() = ["noent", "dtdload", "nononet"]
   }
 }