diff --git a/reference/libxml/constants.xml b/reference/libxml/constants.xml
index b116dcca7456..fc19c32d05d1 100644
--- a/reference/libxml/constants.xml
+++ b/reference/libxml/constants.xml
@@ -46,6 +46,12 @@
Default DTD attributes
+
+
+ Enabling loading of DTD attributes will enable fetching of external entities.
+ The LIBXML_NONET constant can be used to prevent this.
+
+
@@ -57,6 +63,12 @@
Load the external subset
+
+
+ Enabling loading of external subsets will enable fetching of external entities.
+ The LIBXML_NONET constant can be used to prevent this.
+
+
@@ -68,6 +80,11 @@
Validate with the DTD
+
+
+ Enabling entity validation may facilitate XML External Entity (XXE) attacks.
+
+
diff --git a/reference/libxml/functions/libxml-disable-entity-loader.xml b/reference/libxml/functions/libxml-disable-entity-loader.xml
index 8d9d4ab2e7e7..6ba1c226794c 100644
--- a/reference/libxml/functions/libxml-disable-entity-loader.xml
+++ b/reference/libxml/functions/libxml-disable-entity-loader.xml
@@ -20,12 +20,17 @@
Disable/enable the ability to load external entities.
Note that disabling the loading of external entities may cause general issues
- with loading XML documents. However, as of libxml 2.9.0 entity substitution
+ with loading XML documents.
+
+
+ As of libxml 2.9.0 entity substitution
is disabled by default, so there is no need to disable the loading of external
entities,
- unless there is the need to resolve internal entity references with LIBXML_NOENT.
+ unless there is the need to resolve internal entity references with LIBXML_NOENT or
+ LIBXML_DTDVALID.
Generally, it is preferable to use libxml_set_external_entity_loader
to suppress loading of external entities.
+ The LIBXML_NONET flag can be used to prevent loading of external entities.
@@ -100,6 +105,8 @@
libxml_use_internal_errorslibxml_set_external_entity_loaderThe LIBXML_NOENT constant
+ The LIBXML_DTDVALID constant
+ The LIBXML_NONET constant