Validating XML documents

Last update:

May 18, 2026

ColdFusion provides the following methods for validating a document against a DTD or an XML Schema:

The XmlParse function can validate XML text that it is parsing against a DTD or Schema. It the function encounters a validation error, ColdFusion generates an error and stops parsing the text. If the validator generates warnings, but no errors, ColdFusion parses the document and returns the result.
The XmlValidate function can validate an XML text document or XML document object. against a DTD or Schema. The function returns a data structure with detailed information from the validator, including arrays of warning, error, and fatal error messages, and a Boolean status variable indicating whether the document is valid. Your application can examine the status information and determine how to handle it further.

For examples of XML validation, see XmlParse and XmlValidate in the CFML Reference. The XmlParse example validates a document using a DTD. The XmlValidate example validates the document using an XML Schema that represents the same document structure as the DTD.

DOCTYPE declarations and secure validation

Starting in ColdFusion (2025.0.08), ColdFusion blocks XML containing a <!DOCTYPE ...> declaration by default, including during validation. This is a security hardening change that helps reduce exposure to XXE and DTD-based denial-of-service attacks.If your XML validation flow legitimately depends on a DOCTYPE declaration, explicitly pass:

<cfset opts = {

    ALLOWDOCTYPEDECLARATION = true,

    ALLOWEXTERNALENTITIES = false,

    ENTITYEXPANSIONLIMIT = 1000

}>

and then:

<cfset result = XmlValidate(myXmlString, "schema.xsd", opts)>

Enable ALLOWDOCTYPEDECLARATION only for trusted XML that is known to require a DOCTYPE declaration. Do not enable it for arbitrary user input or untrusted third-party payloads.

Was this page helpful?

We're glad. Tell us how this page helped.

Found the answer to my problem Understood the instructions Liked the feature

Other suggestions

We're sorry. Can you tell us what didn't work for you?

Didn't find the answer to my problem Couldn't understand the instructions Didn't like the feature

Other suggestions

Thank you for your feedback. Your response will help improve this page.

Was this helpful?

We are sorry the content didn't meet your needs.

Share additional feedback to help us improve.

0/255 | Character limit exceeded.

Thank you so much for sharing your feedback!

Validating XML documents

On this page