XML-STRICT-ENTITY-RESOLUTION attribute

(WebSpeed Only)
Indicates whether the XML parser (DOM or SAX) attempts to resolve an external entity that is located outside the directories listed in the XML-SCHEMA-PATH attribute when it parses an XML document sent as a WebSpeed request.
Data type: LOGICAL
Access: Readable/Writeable
Applies to: WEB-CONTEXT system handle
If XML-STRICT-ENTITY-RESOLUTION is TRUE, the parser will NOT attempt to resolve an external entity that is located outside of the directories in the XML-SCHEMA-PATH attribute of the WEB-CONTEXT system handle. If XML-STRICT-ENTITY-RESOLUTION is FALSE, the parser will attempt to resolve an external entity. Setting this attribute to TRUE can help prevent an external caller from gaining access to data located in directories not included in the XML-SCHEMA-PATH attribute.
You can set this behavior globally by using the -strictEntityResolution startup parameter. The default value of the attribute is set by the startup parameter, but you can change the attribute as needed to override the behavior set by the startup parameter. See the OpenEdge Deployment: Startup Command and Parameter Reference for more information.

What XML-STRICT-ENTITY-RESOLUTION avoids

In WebSpeed, the first time you access the X-document handle or any of its attributes, you trigger a load of the document, and that load completes before your access takes effect. For example, if you set the STRICT-ENTITY-RESOLUTION attribute of X-document (of WEB-CONTEXT) before accessing X-document (of WEB-CONTEXT) or any of its attributes, then when the document arrives, WebSpeed first loads the document and only then sets STRICT-ENTITY-RESOLUTION to your value. At load time, therefore, STRICT-ENTITY-RESOLUTION might not contain your value, and WebSpeed might not observe the XML-SCHEMA-PATH when resolving entities.
By contrast, if you set XML-STRICT-ENTITY-RESOLUTION instead of STRICT-ENTITY-RESOLUTION, when the document arrives, WebSpeed assigns the value of XML-STRICT-ENTITY-RESOLUTION to STRICT-ENTITY-RESOLUTION before doing anything else. As a result, WebSpeed correctly observes the XML-SCHEMA-PATH.

How to use XML-STRICT-ENTITY-RESOLUTION

In WebSpeed, instead of accessing the STRICT-ENTITY-RESOLUTION attribute of X-document (of WEB-CONTEXT), access XML-STRICT-ENTITY-RESOLUTION. For example, if you want a WebSpeed application to be restricted to XML-SCHEMA-PATH when resolving entities, have the application set the WEB-CONTEXT:XML-STRICT-ENTITY-RESOLUTION attribute before accessing the WEB-CONTEXT:X-DOCUMENT.
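
The ordering described above, as an added example that is not part of the original reference page. The procedure name getRequestDocument and the directory /opt/app/xml/dtd are hypothetical; substitute the schema directory your deployment actually uses.

```abl
/* Added example (not from the OpenEdge documentation).
   getRequestDocument and the schema directory are hypothetical names. */
PROCEDURE getRequestDocument:
    DEFINE OUTPUT PARAMETER phDoc AS HANDLE NO-UNDO.

    /* 1. Set the WEB-CONTEXT attributes first. Nothing here touches
          X-DOCUMENT, so no load has been triggered yet. */
    ASSIGN
        WEB-CONTEXT:XML-SCHEMA-PATH              = "/opt/app/xml/dtd" /* constructed path */
        WEB-CONTEXT:XML-STRICT-ENTITY-RESOLUTION = TRUE.

    /* 2. Only XML requests carry a document to load. */
    IF NOT WEB-CONTEXT:IS-XML THEN
        RETURN.

    /* 3. First access to X-DOCUMENT: the load happens here, with the
          value from step 1 already copied to STRICT-ENTITY-RESOLUTION. */
    phDoc = WEB-CONTEXT:X-DOCUMENT.

    /* Too late, per the section above: by the time this assignment
       runs, the document has already been loaded.

       phDoc:STRICT-ENTITY-RESOLUTION = TRUE.
    */
END PROCEDURE.

/* Caller: fetch the request document and read its root element name. */
DEFINE VARIABLE hDoc  AS HANDLE NO-UNDO.
DEFINE VARIABLE hRoot AS HANDLE NO-UNDO.

RUN getRequestDocument (OUTPUT hDoc).

IF VALID-HANDLE(hDoc) THEN DO:
    CREATE X-NODEREF hRoot.
    IF hDoc:GET-DOCUMENT-ELEMENT(hRoot) THEN
        LOG-MANAGER:WRITE-MESSAGE("Root element: " + hRoot:NAME).
    DELETE OBJECT hRoot.
END.
```

Keeping the ASSIGN at the top of the request handler, ahead of any helper that might read WEB-CONTEXT:X-DOCUMENT, makes the ordering easy to verify in code review.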