Base: Disable default entity resolution

Fixes CWE-611, guards agains XML external entity attacks.
2025-07-21 21:20:53 -05:00
parent 19001d9cfe
commit 983ec3815c
1 changed files with 1 additions and 0 deletions
--- a/src/Base/Parameter.cpp
+++ b/src/Base/Parameter.cpp
@@ -2094,6 +2094,7 @@ void ParameterManager::CheckDocument() const
        parser.setValidationScheme(XercesDOMParser::Val_Auto);
        parser.setDoNamespaces(true);
        parser.setDoSchema(true);
+        parser.setDisableDefaultEntityResolution(true);

        DOMTreeErrorReporter errHandler;
        parser.setErrorHandler(&errHandler);