This example shows how to perform more secure XML parsing by disabling the
XML External Entity (XXE) Processing.

If XML Schema validation is used, then it would also make sense to pre-load
the known schemas and to disable loading of any external schemas, for
example, via the schemaLocation attribute found in the XML documents. See
the comment in driver.cxx for more information on how to achieve this.

The example consists of the following files:

library.xsd
  XML Schema which describes a library of books.

library.xml
  Sample XML instance document. It includes (commented out) DOCTYPE
  declarations with internal and external subsets that the parser will
  refuse to process.

library.hxx
library.cxx
  C++ types that represent the given vocabulary and a set of parsing
  functions that convert XML instance documents to a tree-like in-memory
  object model. These are generated by the XSD compiler from library.xsd.

secure-dom-parser.hxx
secure-dom-parser.cxx
  A secure Xerces-C++ DOM parser implementation that disables processing
  of internal/external DTD subsets.

driver.cxx
  Driver for the example. It first sets up the secure DOM parser. It then
  parses the input file to a DOM document using the secure DOM parser and
  calls one of the parsing functions that constructs the object model from
  this DOM document. Finally, the driver prints a number of books in the
  object model to STDERR.

To run the example on the sample XML instance document simply execute:

$ ./driver library.xml

To verify that DTD processing is disabled, uncomment a different DOCTYPE
version in the sample document.
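
An added illustration, not part of this example's sources or of the XSD or
Xerces-C++ code: a stand-alone pre-parse check that reports whether a document
carries a live DOCTYPE, skipping commented-out ones such as those in
library.xml. PrologInfo and scan_prolog are hypothetical names, and the input
is assumed to be UTF-8.

```cpp
#include <cctype>
#include <string>

struct PrologInfo {
  bool doctype = false;   // a live (not commented-out) DOCTYPE is present
  bool internal = false;  // it opens an internal subset: [ ... ]
  bool external = false;  // it names an external subset: SYSTEM or PUBLIC
};

// Hypothetical helper. Assumes UTF-8 (or ASCII) input; any other encoding
// must be transcoded or rejected before this check is applied.
PrologInfo scan_prolog(const std::string& x) {
  PrologInfo r;
  std::size_t i = x.compare(0, 3, "\xEF\xBB\xBF") == 0 ? 3 : 0;  // skip BOM
  while (i < x.size()) {
    if (std::isspace(static_cast<unsigned char>(x[i]))) { ++i; continue; }
    // Comment, XML declaration or processing instruction: skip it whole.
    std::string close = x.compare(i, 4, "<!--") == 0 ? "-->"
                      : x.compare(i, 2, "<?") == 0   ? "?>" : "";
    if (!close.empty()) {
      std::size_t e = x.find(close, i + close.size() + 1);  // past the opener
      if (e == std::string::npos) break;  // unterminated: leave it to the parser
      i = e + close.size();
      continue;
    }
    if (x.compare(i, 9, "<!DOCTYPE") != 0) break;  // root element: prolog over
    r.doctype = true;
    char quote = 0;
    for (std::size_t j = i + 9; j < x.size(); ++j) {
      char c = x[j];
      if (quote) { if (c == quote) quote = 0; continue; }  // inside a literal
      if (c == '"' || c == '\'') { quote = c; continue; }
      if (c == '[') { r.internal = true; break; }
      if (c == '>') break;
      if (x.compare(j, 6, "SYSTEM") == 0 || x.compare(j, 6, "PUBLIC") == 0)
        r.external = true;  // conservative: may over-report, never under
    }
    break;  // a prolog holds at most one DOCTYPE
  }
  return r;
}

int main() {
  // Constructed samples: a commented-out DOCTYPE, then a live one.
  PrologInfo a = scan_prolog("<?xml version=\"1.0\"?>\n<!-- <!DOCTYPE x [ ]> -->\n<lib/>");
  PrologInfo b = scan_prolog("<!DOCTYPE lib SYSTEM \"library.dtd\" [ <!ENTITY e \"v\"> ]><lib/>");
  return (!a.doctype && b.doctype && b.internal && b.external) ? 0 : 1;
}
```

Such a check complements the parser-level setting in secure-dom-parser.cxx and
does not replace it.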