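        /// <summary>
        /// Configures the DocumentBuilderFactory so that it is protected against XML External Entity (XXE) attacks.
        /// Hardening is best-effort: if the implementing parser does not support a feature, that feature is
        /// skipped, a trace warning is written, and the remaining settings are still applied.
        /// The parser might not be protected if a feature assignment fails, so a warning from this method
        /// means the factory should not be trusted with untrusted XML until the parser is checked.
        /// </summary>
        /// <seealso href="https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet">OWASP information on XXE attacks</seealso>
        /// <param name="dbf"> The factory to configure. </param>
        private void protectAgainstXxeAttacks(DocumentBuilderFactory dbf)
        {
            // Each feature is attempted independently so that one unsupported
            // feature does not prevent the others from being applied.
            trySetXxeFeature(dbf, "http://xml.org/sax/features/external-general-entities", false);

            // Rejecting DOCTYPE declarations outright removes the entity
            // mechanism altogether; the two entity features are the fallback
            // when a parser does not recognise this one.
            trySetXxeFeature(dbf, "http://apache.org/xml/features/disallow-doctype-decl", true);

            trySetXxeFeature(dbf, "http://xml.org/sax/features/external-parameter-entities", false);

            // These two are plain property assignments and are always applied.
            dbf.XIncludeAware = false;
            dbf.ExpandEntityReferences = false;
        }

        /// <summary>
        /// Sets one parser feature and records a trace warning instead of failing
        /// when the parser rejects it.
        /// </summary>
        /// <param name="dbf"> The factory to configure. </param>
        /// <param name="feature"> The feature URI passed to setFeature. </param>
        /// <param name="enabled"> The value to assign to the feature. </param>
        private static void trySetXxeFeature(DocumentBuilderFactory dbf, string feature, bool enabled)
        {
            try
            {
                dbf.setFeature(feature, enabled);
            }
            catch (ParserConfigurationException ex)
            {
                // Deliberately not rethrown: the method's contract is best-effort.
                // The failure is made visible so that an unhardened parser does not
                // go unnoticed (Trace calls are emitted only in builds that define TRACE).
                System.Diagnostics.Trace.TraceWarning(
                    "XXE hardening: parser rejected feature '{0}' = {1}: {2}",
                    feature, enabled, ex.Message);
            }
        }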