Commit 4178c96

lduchosal and claude committed
fix: explicit XmlReaderSettings in test helper (#378)
Add DtdProcessing.Prohibit and XmlResolver = null to make security settings explicit rather than relying on defaults.

Closes #378

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 446ff11 commit 4178c96

1 file changed: +6 -1 lines changed

src/TestProject/DataContractSerializeHelper.cs

Lines changed: 6 additions & 1 deletion
@@ -54,8 +54,13 @@ public static T Deserialize<T>(string xml)
5454
return new T();
5555
}
5656

57+
var settings = new XmlReaderSettings
58+
{
59+
DtdProcessing = DtdProcessing.Prohibit,
60+
XmlResolver = null,
61+
};
5762
using var textReader = new StringReader(xml);
58-
using var xmlReader = XmlReader.Create(textReader);
63+
using var xmlReader = XmlReader.Create(textReader, settings);
5964
var serializer = new DataContractSerializer(typeof(T));
6065
var result = (T)serializer.ReadObject(xmlReader);
6166
return result;
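
Review bot: the settings block added at new lines 57-61 carries no comment saying why it exists, and this one-file commit adds no test that pins the behaviour, so a later cleanup could drop `settings` from `XmlReader.Create(textReader, settings)` without anything failing. Add a short comment above `var settings` stating that DTDs are rejected and external resolution is disabled on purpose, and add a test that passes `Deserialize<T>` an XML string containing a DOCTYPE declaration and expects the `XmlException` that `DtdProcessing.Prohibit` raises. It is also worth confirming that no existing caller of this helper feeds it XML with a DOCTYPE, since that input is now rejected explicitly.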
