XmlResolver Class

Resolves external XML resources named by a Uniform Resource Identifier (URI).

Syntax

public abstract class XmlResolver

Remarks

XmlResolver is used to resolve external XML resources, such as entities, document type definitions (DTDs), or schemas. It is also used to process include and import elements found in Extensible StyleSheet Language (XSL) style sheets or XML Schema definition language (XSD) schemas.

System.Xml.XmlUrlResolver is a concrete implementation of XmlResolver and is the default resolver for all classes in the System.Xml namespace. You can also create your own resolver.

Security Considerations

Consider the following items when working with the System.Xml.XmlResolver class.

System.Xml.XmlResolver objects can contain sensitive information such as user credentials. You should be careful when caching System.Xml.XmlResolver objects and should not pass the System.Xml.XmlResolver object to an untrusted component.
If you are designing a class property that uses the System.Xml.XmlResolver class, the property should be defined as a write-only property. The property can be used to specify the System.Xml.XmlResolver to use, but it cannot be used to return an System.Xml.XmlResolver object.
If your application accepts System.Xml.XmlResolver objects from untrusted code, you cannot assume that the URI passed into the XmlResolver.GetEntity(Uri, string, Type) method will be the same as that returned by the XmlResolver.ResolveUri(Uri, string) method. Classes derived from the System.Xml.XmlResolver class can override the XmlResolver.GetEntity(Uri, string, Type) method and return data that is different than what was contained in the original URI.
Your application can mitigate memory Denial of Service threats to the XmlResolver.GetEntity(Uri, string, Type) method by implementing a wrapping implemented IStream that limits the number of bytes read. This helps to guard against situations where malicious code attempts to pass an infinite stream of bytes to the XmlResolver.GetEntity(Uri, string, Type) method.

Thread Safety

All public static members of this type are safe for multithreaded operations. No instance members are guaranteed to be thread safe.

Requirements

Namespace: System.Xml
Assembly: System.Xml (in System.Xml.dll)
Assembly Versions: 1.0.5000.0, 2.0.0.0, 4.0.0.0