summaryrefslogtreecommitdiff
path: root/common/src
diff options
context:
space:
mode:
Diffstat (limited to 'common/src')
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java4
1 files changed, 4 insertions, 0 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 2b816ed4c..0a07fc4a7 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -246,6 +246,10 @@ public class DOMUtils {
parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
+
+ //fix XXE problem
+ parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+
if (validating) {
if (externalSchemaLocations != null) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-26 04:21:31 +0000