Disable external entities in XML reader
stariy95 committed Jul 9, 2018
1 parent 0b1f5af commit 6fc896b
Showing 1 changed file with 5 additions and 6 deletions.
11 changes: 5 additions & 6 deletions cayenne-server/src/main/java/org/apache/cayenne/util/Util.java
Expand Up @@ -346,17 +346,16 @@ public byte[] toByteArray() {
*/
public static XMLReader createXmlReader() throws SAXException, ParserConfigurationException {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
spf.setFeature("http://xml.org/sax/features/namespaces", true);

// Create a JAXP SAXParser
SAXParser saxParser = spf.newSAXParser();

// Get the encapsulated SAX XMLReader
XMLReader reader = saxParser.getXMLReader();

// set default features
reader.setFeature("http://xml.org/sax/features/namespaces", true);

return reader;
return saxParser.getXMLReader();
}

/**
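Review bot: The four `spf.setFeature(...)` calls at the top of `createXmlReader()` are not pinned by a regression test (the page lists `Util.java` as the only changed file), so a later change to the factory setup or the JAXP implementation could re-enable DOCTYPE or external-entity processing unnoticed. A unit test that passes a small document containing a DOCTYPE declaration to the reader returned by `Util.createXmlReader()` and expects a `SAXParseException` would lock the behaviour in. Separately, `http://apache.org/xml/features/disallow-doctype-decl` is a Xerces-family feature, so on a parser that does not recognise it `setFeature` throws and every caller of this method fails. That fail-closed result is presumably intended, but it is undocumented, as is the fact that legacy XML carrying a DOCTYPE is now rejected. The Javadoc, which starts outside the hunk, could state this, for example `Returns a namespace-aware reader that rejects DOCTYPE declarations and never resolves external entities; throws if the parser cannot enforce this.`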