If you're referring to the DoS
(NB: Not DDoS, which is a different thing altogether!) and XXE vulnerabilities, the problem and solutions are described in this MSDN Magazine article:
XML Denial of Service Attacks and Defenses
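In short, when loading untrusted XML, prohibit DTD processing, cap entity expansion and disable external resolution: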
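/// <summary>
/// Parses XML from an untrusted source into an <see cref="XmlDocument"/> with
/// DTD processing, entity expansion and external resolution locked down.
/// </summary>
/// <param name="input">The XML text to parse.</param>
/// <returns>The loaded document.</returns>
/// <exception cref="ArgumentNullException"><paramref name="input"/> is null.</exception>
/// <exception cref="XmlException">
/// The input is not well-formed, or it contains a DTD (rejected by
/// <see cref="DtdProcessing.Prohibit"/>).
/// </exception>
/// <remarks>
/// This does not bound the overall document size; callers that accept
/// arbitrarily large input should enforce a size limit before calling.
/// </remarks>
public static XmlDocument LoadUntrustedXml(string input)
{
    if (input == null)
    {
        throw new ArgumentNullException(nameof(input));
    }

    var settings = new XmlReaderSettings
    {
        // Reject any document that carries a DOCTYPE: this closes off both
        // entity-expansion DoS and external-entity (XXE) resolution at the parser.
        DtdProcessing = DtdProcessing.Prohibit,
        // Backstop in case DTD handling is ever relaxed: cap expanded entity text.
        MaxCharactersFromEntities = 1024,
        // No resolver means the reader cannot fetch external DTDs, entities or schemas.
        XmlResolver = null,
    };

    using (var stringReader = new StringReader(input))
    using (var xmlReader = XmlReader.Create(stringReader, settings))
    {
        // Clear the document's own resolver as well. The reader settings only
        // govern this Load call; on some .NET Framework versions XmlDocument
        // defaults to a URL-capable resolver that later operations on the
        // returned document could otherwise use.
        var result = new XmlDocument { XmlResolver = null };
        result.Load(xmlReader);
        return result;
    }
}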