1 files changed, 15 insertions, 1 deletions

diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 31c91cd40..90fd7e1c7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -50,6 +50,9 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.cert.CertificateException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -82,6 +85,16 @@ public class InfoboxReadResponseParser {
   /** This is the root element of the XML-Document provided by the Security Layer Card*/
   private Element infoBoxElem_;
 
+  private static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+
+  
   /**
    * Parses and validates the document given as string and extracts the 
    * root element.
@@ -132,7 +145,8 @@ public class InfoboxReadResponseParser {
   private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
     try {
       
-      Element responseElem = DOMUtils.parseXmlValidating(is);
+    	
+      Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
       
       if ("InfoboxReadResponse".equals(responseElem.getLocalName())) {
         infoBoxElem_ = responseElem;