Fortify scan results show me a xslt injection attack warning on the below code
public Saxon.Api.XsltTransformer transformer = null;
using (System.IO.StreamReader reader = new StreamReader("C://Document.xsl", System.Text.Encoding.UTF8)) **//warning source**
using (System.IO.Stream xslStream = reader.BaseStream)
{
transformer = new Saxon.Api.Processor().NewXsltCompiler().Compile(xslStream).Load(); **//warning line**
}
How can I resolve this situation ?
Note : it doesn't give any error it says this line of code is suspicious