path: root/xsd-examples/cxx/tree/secure/README
author Karen Arutyunov <karen@codesynthesis.com> 2020-12-18 18:48:46 +0300
committer Karen Arutyunov <karen@codesynthesis.com> 2021-02-24 22:20:33 +0300
commit a8ce5c380c69539fe0c7c62c397634d9d0c9fde2 (patch)
tree c8db5c9b99416ca4686af953387f474af15bc92e /xsd-examples/cxx/tree/secure/README
parent 7420f85ea19b0562ffdd8123442f32bc8bac1267 (diff)
Switch to build2
Diffstat (limited to 'xsd-examples/cxx/tree/secure/README')
-rw-r--r-- xsd-examples/cxx/tree/secure/README 41
1 files changed, 41 insertions, 0 deletions
diff --git a/xsd-examples/cxx/tree/secure/README b/xsd-examples/cxx/tree/secure/README
new file mode 100644
index 0000000..649f0a3
--- /dev/null
+++ b/xsd-examples/cxx/tree/secure/README
@@ -0,0 +1,41 @@
+This example shows how to perform more secure XML parsing by disabling
+the XML External Entity (XXE) Processing. If XML Schema validation is
+used, then it would also make sense to pre-load the known schemas and
+to disable loading of any external schemas, for example, via the
+schemaLocation attribute found in the XML documents. See the comment
+in driver.cxx for more information on how to achieve this.
+
+The example consists of the following files:
+
+library.xsd
+ XML Schema which describes a library of books.
+
+library.xml
+ Sample XML instance document. It includes (commented out) DOCTYPE
+ declarations with internal and external subsets that the parser
+ will refuse to process.
+
+library.hxx
+library.cxx
+ C++ types that represent the given vocabulary and a set of parsing
+ functions that convert XML instance documents to a tree-like in-memory
+ object model. These are generated by the XSD compiler from library.xsd.
+
+secure-dom-parser.hxx
+secure-dom-parser.cxx
+ A secure Xerces-C++ DOM parser implementation that disables processing
+ of internal/external DTD subsets.
+
+driver.cxx
+ Driver for the example. It first sets up the secure DOM parser. It then
+ parses the input file to a DOM document using the secure DOM parser and
+ calls one of the parsing functions that constructs the object model from
+ this DOM document. Finally, the driver prints a number of books in the
+ object model to STDERR.
+
+To run the example on the sample XML instance document simply execute:
+
+$ ./driver library.xml
+
+To verify that DTD processing is disabled, uncomment a different DOCTYPE
+version in the sample document.
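Review bot: The verification step in the last paragraph ("uncomment a different DOCTYPE version in the sample document") does not say what the reader should expect to observe when DTD processing is correctly disabled, so it cannot distinguish a parser that rejects the DOCTYPE from one that silently ignores it; state the expected outcome (for example, that the parser reports an error for the DOCTYPE declaration and the driver exits with a non-zero status instead of printing the book count). Two smaller points in the same hunk: the secure-dom-parser.hxx/.cxx description says the parser "disables processing of internal/external DTD subsets" but not how, so a one-line pointer to where in secure-dom-parser.cxx that is configured would help readers who want to reuse it; and "prints a number of books in the object model to STDERR" in the driver.cxx description is ambiguous between "the number of books" (a count) and "several books", so pick one wording.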