An attacker creates an XML document that with an external entity
						reference. External entity references can take the form of <!ENTITY
						name system "uri"> tags in a DTD. Because processors may not validate
						documents with external entities, there may be no checks on the nature of
						the reference in the external entity. This can allow an attacker to open
						arbitrary files or connections. For example, the following DTD would attempt
						to open the /dev/tty device: