You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by ta...@apache.org on 2018/06/18 12:26:15 UTC

svn commit: r1833709 - /ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java

Author: taher
Date: Mon Jun 18 12:26:14 2018
New Revision: 1833709

URL: http://svn.apache.org/viewvc?rev=1833709&view=rev
Log:
Applied trunk fix on revision r1833708 (OFBIZ-10435)

Modified:
    ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java

Modified: ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java?rev=1833709&r1=1833708&r2=1833709&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java (original)
+++ ofbiz/ofbiz-framework/branches/release17.12/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java Mon Jun 18 12:26:14 2018
@@ -431,6 +431,12 @@ public final class UtilXml {
         factory.setAttribute("http://xml.org/sax/features/validation", validate);
         factory.setAttribute("http://apache.org/xml/features/validation/schema", validate);
 
+        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+        factory.setXIncludeAware(false);
+        factory.setExpandEntityReferences(false);
+
         // with a SchemaUrl, a URL object
         DocumentBuilder builder = factory.newDocumentBuilder();
         if (validate) {