svn commit: r1847111 - /webservices/neethi/trunk/src/main/java/org/apache/neethi/builders/converters/StaxToDOMConverter.java

[co...@apache.org]

Author: coheigea
Date: Wed Nov 21 14:49:32 2018
New Revision: 1847111

URL: http://svn.apache.org/viewvc?rev=1847111&view=rev
Log:
Set secure processing feature + disallow doctypes

Modified:
    webservices/neethi/trunk/src/main/java/org/apache/neethi/builders/converters/StaxToDOMConverter.java

Modified: webservices/neethi/trunk/src/main/java/org/apache/neethi/builders/converters/StaxToDOMConverter.java
URL: http://svn.apache.org/viewvc/webservices/neethi/trunk/src/main/java/org/apache/neethi/builders/converters/StaxToDOMConverter.java?rev=1847111&r1=1847110&r2=1847111&view=diff
==============================================================================
--- webservices/neethi/trunk/src/main/java/org/apache/neethi/builders/converters/StaxToDOMConverter.java (original)
+++ webservices/neethi/trunk/src/main/java/org/apache/neethi/builders/converters/StaxToDOMConverter.java Wed Nov 21 14:49:32 2018
@@ -21,6 +21,7 @@ package org.apache.neethi.builders.conve
 
 import java.util.Stack;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.stream.XMLStreamConstants;
@@ -40,7 +41,11 @@ public class StaxToDOMConverter extends
 
     public Element convert(XMLStreamReader reader) {
         try {
-            Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+
+            Document doc = dbf.newDocumentBuilder().newDocument();
             readDocElements(doc, doc, reader);
             return doc.getDocumentElement();
         } catch (ParserConfigurationException ex) {