aboutsummaryrefslogtreecommitdiff
path: root/common/src/main/java/at/gv/egovernment/moa
diff options
context:
space:
mode:
Diffstat (limited to 'common/src/main/java/at/gv/egovernment/moa')
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java5
1 files changed, 5 insertions, 0 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 102d3a31f..2b816ed4c 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -115,6 +115,8 @@ public class DOMUtils {
private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
"http://xml.org/sax/features/external-parameter-entities";
+ private static final String DISALLOW_DOCTYPE_FEATURE =
+ "http://apache.org/xml/features/disallow-doctype-decl";
@@ -514,6 +516,9 @@ public class DOMUtils {
parser.setFeature(NAMESPACES_FEATURE, true);
parser.setFeature(VALIDATION_FEATURE, true);
parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
+ parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+ parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
+
if (externalSchemaLocations != null) {
parser.setProperty(