Use Strict Entity Resolution (-strictEntityResolution) to control whether or not the XML parser (DOM or SAX) will attempt to resolve an external entity if that entity is located outside of the directories in the SCHEMA-PATH attribute of any given SAX-reader or X-document object handle or XML-SCHEMA-PATH attribute of the WEB-OBJECT system handle.
Operating system and syntax
UNIX / Windows
-strictEntityResolutionn
Use with
Maximum value
Minimum value
Single-user default
Multi-user default
Client Session
—
—
1
1
n
Valid values are 0 for non-strict entity resolution, and 1 for strict entity resolution. If the parameter is not specified, the default value is 1.
In strict entity resolution mode, the parser (DOM or SAX) will NOT attempt to resolve an external entity in a location not in the SCHEMA-PATH or XML-SCHEMA-PATH attribute. In non-strict mode, the parser will attempt to resolve an external entity. Using strict entity resolution mode can help prevent an external caller from gaining access to data located in directories not included in the SCHEMA-PATH or XML-SCHEMA-PATH attribute.
This behavior can also be controlled on a case-by-case basis by the STRICT-ENTITY-RESOLUTION attribute of a particular SAX-reader or X-document object handle or the XML-STRICT-ENTITY-RESOLUTION of the WEB-OBJECT system handle. Setting the STRICT-ENTITY-RESOLUTION or XML-STRICT-ENTITY-RESOLUTION attribute overrides the behavior indicated by the startup parameter. See OpenEdge Development: ABL Reference for more information.
