From 9714e2f87a6240d1b2b979eb39c7d34791aafdae Mon Sep 17 00:00:00 2001
From: Chris Hennes <chennes@gmail.com>
Date: Sun, 8 Jun 2025 18:48:11 -0500
Subject: [PATCH] Base: Disable XML external entity expansion

Addresses https://github.com/FreeCAD/FreeCAD/security/code-scanning/29
---
 src/Base/Parameter.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Base/Parameter.cpp b/src/Base/Parameter.cpp
index 980e0bd776..64fafe5610 100644
--- a/src/Base/Parameter.cpp
+++ b/src/Base/Parameter.cpp
@@ -1872,6 +1872,7 @@ int ParameterManager::LoadDocument(const XERCES_CPP_NAMESPACE_QUALIFIER InputSou
     parser->setDoSchema(gDoSchema);
     parser->setValidationSchemaFullChecking(gSchemaFullChecking);
     parser->setCreateEntityReferenceNodes(gDoCreate);
+    parser->setDisableDefaultEntityResolution(true);
 
     auto errReporter = new DOMTreeErrorReporter();
     parser->setErrorHandler(errReporter);