doc: Add another warning to XML_PARSE_DTDVALID

While most parts of libxml2, including the parser, are still vulnerable to such attacks, it is unlikely that DTD validation will ever be fixed.
2026-01-26 21:41:34 +03:00 · 2025-07-27 12:55:11 +02:00
parent 859899a87e
commit 8436916097
1 changed files with 3 additions and 0 deletions
--- a/include/libxml/parser.h
+++ b/include/libxml/parser.h
@@ -1727,6 +1727,9 @@ typedef enum {
     * This option enables DTD validation which requires to load
     * external DTDs and external entities (both general and
     * parameter entities) unless XML_PARSE_NO_XXE was set.
+     *
+     * DTD validation is vulnerable to algorithmic complexity
+     * attacks and should never be enabled with untrusted input.
     */
    XML_PARSE_DTDVALID = 1<<4,
    /**