Improve comment for BEAStAXDrvier concerning external entities.

Author: joehni

xstream/src/java/com/thoughtworks/xstream/io/xml/BEAStaxDriver.java

@@ -67,7 +67,9 @@ public BEAStaxDriver(final NameCoder nameCoder) {
     @Override
     protected XMLInputFactory createInputFactory() {
         final XMLInputFactory instance = new MXParserFactory();
-//        instance.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, true);
+        instance.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+//        if (instance.isPropertySupported(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES))
+//            throw new IllegalStateException("Should not support extgernal entities now!");
         return instance;
     }
 

xstream/src/test/com/thoughtworks/xstream/io/xml/BEAStaxReaderTest.java

@@ -28,8 +28,7 @@ protected HierarchicalStreamReader createReader(final String xml) throws Excepti
 
     @Override
     public void testIsXXEVulnerable() throws Exception {
-        // Implementation wrongly claims not to handle external entities.
-        // On top it ignores XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES !!
+        // Implementation ignores XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES set to false.
         // super.testIsXXEVulnerable();
     }