From f22acefd76f0da717f254c097c93a9307e93d337 Mon Sep 17 00:00:00 2001
From: Ahmed Allam
Date: Mon, 13 Oct 2025 17:47:15 -0700
Subject: [PATCH] refactor: Remove parser hardening examples from xxe prompt
---
 strix/prompts/vulnerabilities/xxe.jinja | 40 -------------------------
 1 file changed, 40 deletions(-)
diff --git a/strix/prompts/vulnerabilities/xxe.jinja b/strix/prompts/vulnerabilities/xxe.jinja
index ac00619..510e6a1 100644
--- a/strix/prompts/vulnerabilities/xxe.jinja
+++ b/strix/prompts/vulnerabilities/xxe.jinja
@@ -145,46 +145,6 @@ evil.dtd:
-
-
-```java
-DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
-f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-f.setFeature("http://xml.org/sax/features/external-general-entities", false);
-f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
-f.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
-f.setAttribute("http://javax.xml.XMLConstants/property/accessExternalDTD", "");
-f.setAttribute("http://javax.xml.XMLConstants/property/accessExternalSchema", "");
-```
-
-
-```csharp
-var settings = new XmlReaderSettings {
-    DtdProcessing = DtdProcessing.Prohibit,
-    XmlResolver = null
-};
-```
-
-
-```python
-from lxml import etree
-parser = etree.XMLParser(resolve_entities=False, no_network=True)
-etree.fromstring(xml_bytes, parser)
-# Prefer defusedxml for stdlib parsers
-```
-
-
-```php
-$dom = new DOMDocument();
-// Do NOT use LIBXML_NOENT; forbid network
-$dom->loadXML($xml, LIBXML_NONET | LIBXML_NOERROR | LIBXML_NOWARNING);
-```
-
-
 1. Provide a minimal payload proving parser capability (DOCTYPE/XInclude/XSLT).
 2. Demonstrate controlled access (file path or internal URL) with reproducible evidence.