This example shows how to perform more secure XML parsing by disabling
the XML External Entity (XXE) Processing.

If XML Schema validation is used, then it would also make sense to
pre-load the known schemas and to disable loading of any external
schemas, for example, via the schemaLocation attribute found in the XML
documents. See the comment in driver.cxx for more information on how to
achieve this.

The example consists of the following files:

library.xsd
  XML Schema which describes a library of books.

library.xml
  Sample XML instance document. It includes (commented out) DOCTYPE
  declarations with internal and external subsets that the parser will
  refuse to process.

library.hxx
library.cxx
  C++ types that represent the given vocabulary and a set of parsing
  functions that convert XML instance documents to a tree-like in-memory
  object model. These files are generated by the XSD compiler from
  library.xsd using the following command line:

  xsd cxx-tree library.xsd

secure-dom-parser.hxx
secure-dom-parser.cxx
  A secure Xerces-C++ DOM parser implementation that disables processing
  of internal/external DTD subsets.

driver.cxx
  Driver for the example. It first sets up the secure DOM parser. It then
  parses the input file to a DOM document using the secure DOM parser and
  calls one of the parsing functions that constructs the object model
  from this DOM document. Finally, the driver prints a number of books in
  the object model to STDERR.

To compile and link the example manually from the command line we can
use the following commands (replace 'c++' with your C++ compiler name):

  c++ -DXSD_CXX11 -c library.cxx
  c++ -DXSD_CXX11 -c secure-dom-parser.cxx
  c++ -DXSD_CXX11 -c driver.cxx
  c++ -o driver driver.o library.o secure-dom-parser.o -lxerces-c

Note that we need to define the XSD_CXX11 preprocessor macro since the
source code includes libxsd headers directly.

To run the example on the sample XML instance document execute:

  ./driver library.xml

To verify that DTD processing is disabled, uncomment a different DOCTYPE
version in the sample document.
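
The distinction between a commented-out and an active DOCTYPE can also be
checked before the document reaches the parser. The following is an added
example, not code from this example's sources: scan_prolog() is a
hypothetical helper and the sample document is constructed. It assumes
UTF-8 input and complements the secure DOM parser rather than replacing it.

```cpp
#include <iostream>
#include <string>

enum class Prolog { no_doctype, has_doctype, malformed };

// Hypothetical pre-parse check (not part of the XSD example): scan the
// prolog, i.e. everything before the root element, for a DOCTYPE
// declaration. Comments and processing instructions are skipped, so a
// commented-out DOCTYPE does not count. Assumes UTF-8 input.
Prolog scan_prolog (const std::string& s)
{
  std::string::size_type i = 0;
  if (s.compare (0, 3, "\xEF\xBB\xBF") == 0) i = 3; // Skip UTF-8 BOM.

  while (i < s.size ())
  {
    char c = s[i];
    if (c == ' ' || c == '\t' || c == '\r' || c == '\n') { ++i; continue; }
    if (c != '<') return Prolog::malformed; // Text before the root element.

    if (s.compare (i, 4, "<!--") == 0) // Comment: skip to its end.
    {
      std::string::size_type e = s.find ("-->", i + 4);
      if (e == std::string::npos) return Prolog::malformed;
      i = e + 3;
    }
    else if (s.compare (i, 2, "<?") == 0) // XML declaration or PI.
    {
      std::string::size_type e = s.find ("?>", i + 2);
      if (e == std::string::npos) return Prolog::malformed;
      i = e + 2;
    }
    else if (s.compare (i, 2, "<!") == 0) // Only DOCTYPE is valid here.
      return s.compare (i, 9, "<!DOCTYPE") == 0
        ? Prolog::has_doctype : Prolog::malformed;
    else
      return Prolog::no_doctype; // Reached the root element.
  }
  return Prolog::malformed; // No root element found.
}

int main ()
{
  // Constructed sample input: the DOCTYPE is inside a comment.
  std::string doc ("<?xml version=\"1.0\"?>\n"
                   "<!-- <!DOCTYPE library SYSTEM \"library.dtd\"> -->\n"
                   "<library/>");
  std::cerr << (scan_prolog (doc) == Prolog::has_doctype
                ? "rejected" : "accepted") << std::endl;
}
```

Treat both has_doctype and malformed as reasons to refuse the input; a
plain substring search for "<!DOCTYPE" would wrongly reject the
commented-out form.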