HP fortify XML External Entity Injection

Question

Hp fortify shows me a XML external entity injection on the below code:

StringBuilder sb = new StringBuilder();
StringWriter stringWriter = new StringWriter(sb);
xmlSerializer.Serialize(stringWriter, o);
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.LoadXml(stringWriter.ToString());  //bad code
result = xmlDoc.ChildNodes[1].OuterXml;

in the above it was showing the vulnerability in the following line xmlDoc.LoadXml(stringWriter.ToString());

How can I resolve this situation?

Answer 1

use xmlDoc.XmlResolver = null; before loading the xml.