When reading an XML file, set the AllowDoctype option to false.
Priority
Mandatory
Severity level
3
Description
When using the xmlread function or the matlab.io.xml.dom.Parser class, make sure that AllowDoctype is set to false.
Rationale
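In XML, document type definitions (DTDs) can contain exploding content, such as entity definitions that expand recursively, which can cause unexpected behavior if not caught. Therefore, files that contain a document type declaration should not be allowed to be read.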
% With xmlread, reject any DOCTYPE declaration explicitly.
content = xmlread(myFile, "AllowDoctype", false);
% For matlab.io.xml.dom.Parser configurations, AllowDoctype is false by default.
p = matlab.io.xml.dom.Parser();
doc = p.parseFile(myFile);
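The following added example (not part of the original guideline) runs both readers over two constructed files, one without and one with a DOCTYPE declaration, and reports which input is rejected. The file names, the file contents and the explicit assignment to p.Configuration.AllowDoctype are assumptions made for illustration.

```matlab
% Added example: constructed sample files, written to a temporary folder.
workDir = tempname;
mkdir(workDir);

% Constructed sample 1: plain XML, no DOCTYPE declaration.
plainFile = fullfile(workDir, 'plain.xml');
writeSample(plainFile, {'<?xml version="1.0"?>', ...
    '<config><name>demo</name></config>'});

% Constructed sample 2: same data, but with an internal DTD declaring one entity.
dtdFile = fullfile(workDir, 'with_doctype.xml');
writeSample(dtdFile, {'<?xml version="1.0"?>', ...
    '<!DOCTYPE config [ <!ENTITY label "demo"> ]>', ...
    '<config><name>&label;</name></config>'});

files = {plainFile, dtdFile};
for k = 1:numel(files)
    % xmlread: AllowDoctype must be passed explicitly.
    try
        content = xmlread(files{k}, "AllowDoctype", false);
        root = char(content.getDocumentElement().getNodeName());
        fprintf('xmlread %s: parsed, root <%s>\n', files{k}, root);
    catch err
        fprintf('xmlread %s: rejected (%s)\n', files{k}, strtok(err.message, newline));
    end

    % matlab.io.xml.dom.Parser: false is the default; pinning it here
    % guards against a configuration that was changed elsewhere.
    try
        p = matlab.io.xml.dom.Parser();
        p.Configuration.AllowDoctype = false;
        doc = p.parseFile(files{k});
        fprintf('Parser  %s: parsed, root <%s>\n', files{k}, doc.getDocumentElement().TagName);
    catch err
        fprintf('Parser  %s: rejected (%s)\n', files{k}, strtok(err.message, newline));
    end
end

rmdir(workDir, 's');   % remove the constructed files

function writeSample(fileName, lines)
    % Write the given cell array of text lines to fileName.
    fid = fopen(fileName, 'w');
    cleanup = onCleanup(@() fclose(fid));
    fprintf(fid, '%s\n', lines{:});
end
```

Wrapping the read in try/catch lets calling code treat a rejected DOCTYPE as an invalid-input condition instead of an unhandled error.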