By default XML processors attempt to load all XML schemas and DTD (their locations are defined with `xsi:schemaLocation` attributes and `DOCTYPE` declarations), potentially from an external storage such as file system or network, which may lead, if no restrictions are put in place, to https://owasp.org/www-community/attacks/Server_Side_Request_Forgery[server-side request forgery (SSRF)] vulnerabilities.
