From 07866ef3c02ff6d566731df8baddc03590666995 Mon Sep 17 00:00:00 2001
From: Peter Villadsen <pvillads@users.noreply.github.com>
Date: Fri, 28 Feb 2020 14:00:36 -0800
Subject: [PATCH] Countered security problem with XmlTextReader (#28)

---
 tools/Explorer/TabControl/Helper.cs  | 6 +++++-
 tools/Explorer/Views/SourceEditor.cs | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/Explorer/TabControl/Helper.cs b/tools/Explorer/TabControl/Helper.cs
index 685db51..4ce919f 100644
--- a/tools/Explorer/TabControl/Helper.cs
+++ b/tools/Explorer/TabControl/Helper.cs
@@ -79,7 +79,11 @@ namespace Wpf.Controls
         public static object CloneElement(object elementToClone)
         {
             string xaml = XamlWriter.Save(elementToClone);
-            return XamlReader.Load(new XmlTextReader(new StringReader(xaml)));
+            return XamlReader.Load(new XmlTextReader(new StringReader(xaml))
+            {
+                XmlResolver = null,
+                DtdProcessing = DtdProcessing.Prohibit
+            });
         }
 
     }
diff --git a/tools/Explorer/Views/SourceEditor.cs b/tools/Explorer/Views/SourceEditor.cs
index 53a5303..40a06e5 100644
--- a/tools/Explorer/Views/SourceEditor.cs
+++ b/tools/Explorer/Views/SourceEditor.cs
@@ -71,6 +71,9 @@ namespace XppReasoningWpf
 
                 using (var xshd_reader = new XmlTextReader(syntaxModeStream))
                 {
+                    xshd_reader.DtdProcessing = DtdProcessing.Prohibit;
+                    xshd_reader.XmlResolver = null;
+
                     syntaxModeStream = null;
                     return ICSharpCode.AvalonEdit.Highlighting.Xshd.HighlightingLoader.Load(xshd_reader, HighlightingManager.Instance);
                 }