aboutsummaryrefslogtreecommitdiff
path: root/pdf-as-lib/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'pdf-as-lib/src/main/java')
-rw-r--r--pdf-as-lib/src/main/java/at/gv/egiz/sl/util/SLMarschaller.java26
1 files changed, 24 insertions, 2 deletions
diff --git a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/SLMarschaller.java b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/SLMarschaller.java
index 8f570ccc..e53fc230 100644
--- a/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/SLMarschaller.java
+++ b/pdf-as-lib/src/main/java/at/gv/egiz/sl/util/SLMarschaller.java
@@ -32,6 +32,9 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -69,11 +72,30 @@ public class SLMarschaller {
}
public static Object unmarshal(InputStream is) throws JAXBException {
- return unmarshaller.unmarshal(is);
+ XMLInputFactory xif = XMLInputFactory.newFactory();
+ xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+ xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+ XMLStreamReader xmlStreamReader;
+ try {
+ xmlStreamReader = xif.createXMLStreamReader(is);
+ return unmarshaller.unmarshal(xmlStreamReader);
+ } catch (XMLStreamException e) {
+ throw new JAXBException(e);
+ }
+
}
public static Object unmarshalFromString(String message) throws JAXBException {
StringReader sr = new StringReader(message);
- return unmarshaller.unmarshal(sr);
+ XMLInputFactory xif = XMLInputFactory.newFactory();
+ xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+ xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+ XMLStreamReader xmlStreamReader;
+ try {
+ xmlStreamReader = xif.createXMLStreamReader(sr);
+ return unmarshaller.unmarshal(xmlStreamReader);
+ } catch (XMLStreamException e) {
+ throw new JAXBException(e);
+ }
}
}