You are viewing a plain text version of this content. The canonical link for it is here.
Posted to batik-commits@xmlgraphics.apache.org by lb...@apache.org on 2015/03/05 13:53:44 UTC

svn commit: r1664335 - /xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java

Author: lbernardo
Date: Thu Mar  5 12:53:44 2015
New Revision: 1664335

URL: http://svn.apache.org/r1664335
Log:
disable external xml entities

Modified:
    xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java

Modified: xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java
URL: http://svn.apache.org/viewvc/xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java?rev=1664335&r1=1664334&r2=1664335&view=diff
==============================================================================
--- xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java (original)
+++ xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java Thu Mar  5 12:53:44 2015
@@ -30,26 +30,26 @@ import javax.xml.parsers.ParserConfigura
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 
-import org.apache.batik.util.HaltingThread;
-import org.apache.batik.util.XMLConstants;
-
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentType;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.xml.sax.Attributes;
 import org.xml.sax.ErrorHandler;
 import org.xml.sax.InputSource;
 import org.xml.sax.Locator;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.SAXParseException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.ext.LexicalHandler;
 import org.xml.sax.helpers.DefaultHandler;
 import org.xml.sax.helpers.XMLReaderFactory;
 
-import org.w3c.dom.DOMImplementation;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentType;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
+import org.apache.batik.util.HaltingThread;
+import org.apache.batik.util.XMLConstants;
 
 /**
  * This class contains methods for creating Document instances
@@ -399,6 +399,16 @@ public class SAXDocumentFactory
     static SAXParserFactory saxFactory;
     static {
         saxFactory = SAXParserFactory.newInstance();
+        try {
+            saxFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            saxFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+        } catch (SAXNotRecognizedException e) {
+            e.printStackTrace();
+        } catch (SAXNotSupportedException e) {
+            e.printStackTrace();
+        } catch (ParserConfigurationException e) {
+            e.printStackTrace();
+        }
     }
 
     /**