コード例 #1
 /**
  * Checks that XML documents carrying a whitelisted DOCTYPE are accepted by
  * the XML deserialization visitor.
  *
  * Two declarations are registered through setDoctypeWhitelist() and then
  * fed to deserialize(): one pointing at an external DTD, and one with an
  * internal subset that declares an external entity.
  *
  * The test contains no assertions; it passes when neither deserialize()
  * call throws.
  *
  * Security note: the second DOCTYPE declares the entity "foo" with a
  * php://filter SYSTEM identifier aimed at this test file. The document body
  * is <foo></foo> and never references &foo;, so the test demonstrates only
  * that the whitelisted declaration is let through, not what expansion of
  * the entity would yield. A whitelist entry of this shape is an explicit
  * opt-in to a declaration that names a local resource, so entries like it
  * belong only where the XML source is trusted.
  */
 public function testWhitelistedDocumentTypesAreAllowed()
 {
     $thisFile = basename(__FILE__);

     // Build the visitor step by step, in the same order the nested
     // constructor calls would be evaluated.
     $namingStrategy = new SerializedNameAnnotationStrategy(new CamelCaseNamingStrategy());
     $handlers = $this->getDeserializationHandlers();
     $objectConstructor = new UnserializeObjectConstructor();
     $xmlVisitor = new XmlDeserializationVisitor($namingStrategy, $handlers, $objectConstructor);

     // Whitelist entries are complete DOCTYPE declarations written on one line.
     $externalDtdDoctype = '<!DOCTYPE authorized SYSTEM "http://authorized_url.dtd">';
     $entityDoctype = '<!DOCTYPE author [<!ENTITY foo SYSTEM "php://filter/read=convert.base64-encode/resource=' . $thisFile . '">]>';
     $xmlVisitor->setDoctypeWhitelist(array($externalDtdDoctype, $entityDoctype));

     $metadataFactory = new MetadataFactory(new AnnotationDriver(new AnnotationReader()));
     $serializer = new Serializer($metadataFactory, array(), array('xml' => $xmlVisitor));

     // Case 1: DOCTYPE referencing an external DTD.
     $externalDtdXml = '<?xml version="1.0"?>
         <!DOCTYPE authorized SYSTEM "http://authorized_url.dtd">
         <foo></foo>';
     $serializer->deserialize($externalDtdXml, 'stdClass', 'xml');

     // Case 2: DOCTYPE with an internal subset. The declaration spans several
     // lines here but is a single line in the whitelist, so the visitor
     // presumably normalizes whitespace before comparing (confirm in the visitor).
     $internalSubsetXml = '<?xml version="1.0"?>
         <!DOCTYPE author [
             <!ENTITY foo SYSTEM "php://filter/read=convert.base64-encode/resource=' . $thisFile . '">
         ]>
         <foo></foo>';
     $serializer->deserialize($internalSubsetXml, 'stdClass', 'xml');
 }