fix: 防范XML注入漏洞

nutzam · Jul 5, 2018 · fb52b06 · fb52b06
1 parent 82f541d
commit fb52b06
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/org/nutz/lang/Xmls.java b/src/org/nutz/lang/Xmls.java
@@ -48,7 +48,9 @@ public abstract class Xmls {
      * @throws ParserConfigurationException
      */
     public static DocumentBuilder xmls() throws ParserConfigurationException {
-        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
+        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+        factory.setExpandEntityReferences(false);
+        return factory.newDocumentBuilder();
     }
 
     public static Document xml(InputStream ins) {