summaryrefslogtreecommitdiff
path: root/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java')
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java7
1 files changed, 5 insertions, 2 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
index e8d5c294..4b8a7a04 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java
@@ -33,6 +33,7 @@ import java.util.Map.Entry;
import java.util.Set;
import java.util.Vector;
+import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
@@ -45,8 +46,6 @@ import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.xerces.parsers.DOMParser;
@@ -71,6 +70,8 @@ import org.xml.sax.ErrorHandler;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
+import at.gv.egiz.eaaf.core.api.data.XmlNamespaceConstants;
+
/**
* Various utility functions for handling XML DOM trees.
*
@@ -785,6 +786,7 @@ public class DomUtils {
throws TransformerException, IOException {
final TransformerFactory transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
final Transformer transformer = transformerFactory.newTransformer();
final ByteArrayOutputStream bos = new ByteArrayOutputStream(16384);
@@ -1211,6 +1213,7 @@ public class DomUtils {
// StringWriter stringWriter = new StringWriter();
final Result result = new StreamResult(out);
final TransformerFactory factory = TransformerFactory.newInstance();
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
final Transformer transformer = factory.newTransformer();
transformer.transform(source, result);
return out.toByteArray();
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 03:52:02 +0000