summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2017-03-07 11:02:55 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2017-03-07 11:02:55 +0100
commite46e9a87913413b6948591e7429d2f40b51cfe58 (patch)
tree5c6ef5b4fd3f92cac6aac765f14882a3c678d191
parent09fe07c25b5caa73128eba18cc1aca0e9392a024 (diff)
downloadmocca-e46e9a87913413b6948591e7429d2f40b51cfe58.tar.gz
mocca-e46e9a87913413b6948591e7429d2f40b51cfe58.tar.bz2
mocca-e46e9a87913413b6948591e7429d2f40b51cfe58.zip
set XML parser properties to SL request unmarshaller
Diffstat
-rw-r--r--utils/src/main/java/at/gv/egiz/slbinding/SLUnmarshaller.java5
1 files changed, 5 insertions, 0 deletions
diff --git a/utils/src/main/java/at/gv/egiz/slbinding/SLUnmarshaller.java b/utils/src/main/java/at/gv/egiz/slbinding/SLUnmarshaller.java
index 90e08401..70f5dce1 100644
--- a/utils/src/main/java/at/gv/egiz/slbinding/SLUnmarshaller.java
+++ b/utils/src/main/java/at/gv/egiz/slbinding/SLUnmarshaller.java
@@ -238,6 +238,11 @@ public Object unmarshal(StreamSource source) throws XMLStreamException, JAXBExce
ReportingValidationEventHandler validationEventHandler = new ReportingValidationEventHandler();
XMLInputFactory inputFactory = XMLInputFactory.newInstance();
+
+ //disallow DTD and external entities
+ inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+ inputFactory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
+
XMLEventReader eventReader = inputFactory.createXMLEventReader(source.getReader());
RedirectEventFilter redirectEventFilter = new RedirectEventFilter();
XMLEventReader filteredReader = inputFactory.createFilteredReader(eventReader, redirectEventFilter);
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-25 07:55:30 +0000