-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ability to trim DtdParser when using default XmlReader settings #73465
Comments
Tagging subscribers to 'linkable-framework': @eerhardt, @vitek-karas, @LakshanF, @sbomer, @joperezr Issue DetailsWhen using Long time ago we had a similar problem where We should do something similar for DTD parsing. The way to fix this is to tie the dependency to Note that the fix is not going to be as simple as it was for the XSD validation. The A simple experiment I did:
The size difference in
|
Also tagging @dotnet/area-system-xml. |
@vitek-karas is this important for 8.0? (move back if it is 😄) |
@eerhardt does XML matter for the cloud native scenarios? This affects any scenario which will parse XML (no matter the API used to do that). |
For .NET 8, the main scenarios we are focused on are listed in dotnet/aspnetcore#45910. For "Stage 1", there are no XML dependencies right now. I'm not certain about "Stage 2". But doing a quick search for |
When using
XmlReader
created viaXmlReader.Create
DTD parsing is prohibited by default (for security reasons). So it's very likely that vast majority of apps have it turned off. Trimming such app (either viaPublishTrimmed=true
orPublishAot=true
) should ideally be able to remove all code related to DTD parsing, as it will never be used. Currently that's not the case.Long time ago we had a similar problem where
XmlReader
would bring inXmlSchema
and related validation classes in the default case - even though XSD validation is also off by default. This has been fixed in dotnet/corefx#23867We should do something similar for DTD parsing. The way to fix this is to tie the dependency to
DtdParser
to setting theXmlReaderSettings.DtdProcessing
. By default this property isProhibit
, so if it's not set, it's value will beProhibit
and thusDtdParser
is not needed. If the app sets theDtdProcessing
property we would have to assume that it enables it (static analysis currently can't tell the value) and makeDtdParser
available.Note that the fix is not going to be as simple as it was for the XSD validation. The
XmlReaderImpl
has several places where it depends onDtdParser
and the value of theDtdProcessing
setting is copied from the settings into the reader and the reader also exposes it. So we would have to "guard" theDtdParser
creation in multiple places (basically everywhere the DtdProcessing for the reader can be modified), but it definitely seems doable.A simple experiment I did:
DtdParser
from the readerThe size difference in
System.Private.Xml.dll
is almost 160KB, before the change the trimmed dll is 531KB, after the change it's 373KB. That is 30% size decrease for that dll. The overall size of all managed code in the sample app is 4.2 MB.The text was updated successfully, but these errors were encountered: