I have an old project which parses XML files coming from an external origin, so it is at least in principle vulnerable to XXE.
It is difficult to update the project to use newer versions of XML libraries, which can be configured to prevent XXE from happening. So I am looking instead for a “manual” solution; since XML files which arrive, should not have
<!ENTITY and such, it looks to me that it should suffice to remove from the text of the XML file the
<!DOCTYPE> content for this purpose.
Am I missing something here?