From 85acb1724e617c5f6f4877cf51f11d97691bbb39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?=
Date: Sun, 11 Aug 2024 15:59:27 +0100
Subject: [PATCH] cid#1608302 XML external entity processing enabled
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

reformat to get it seen by scanner

Change-Id: I44ce2c6ecd24e81e3b146b7f8b42b51f7d426e90
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171731
Tested-by: Jenkins
Reviewed-by: Caolán McNamara
---
 .../framework/container/XMLParserFactory.java | 26 +++++++++++--------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/scripting/java/com/sun/star/script/framework/container/XMLParserFactory.java b/scripting/java/com/sun/star/script/framework/container/XMLParserFactory.java
index dec4fc440415..7e67c3b384e5 100644
--- a/scripting/java/com/sun/star/script/framework/container/XMLParserFactory.java
+++ b/scripting/java/com/sun/star/script/framework/container/XMLParserFactory.java
@@ -64,18 +64,22 @@ public class XMLParserFactory {
 public DefaultParser() {
 factory = DocumentBuilderFactory.newInstance();
- String[] featuresToDisable = {
- "http://xml.org/sax/features/external-general-entities",
- "http://xml.org/sax/features/external-parameter-entities",
- "http://apache.org/xml/features/nonvalidating/load-external-dtd"
- };
+ try {
+ factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ } catch (ParserConfigurationException e) {
+ LogUtils.DEBUG(LogUtils.getTrace(e));
+ }
- for (String feature : featuresToDisable) {
- try {
- factory.setFeature(feature, false);
- } catch (ParserConfigurationException e) {
- LogUtils.DEBUG(LogUtils.getTrace(e));
- }
+ try {
+ factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ } catch (ParserConfigurationException e) {
+ LogUtils.DEBUG(LogUtils.getTrace(e));
+ }
+
+ try {
+ factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ } catch (ParserConfigurationException e) {
+ LogUtils.DEBUG(LogUtils.getTrace(e));
 }
 try {
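Review bot: Each of the three `catch (ParserConfigurationException e)` blocks only calls `LogUtils.DEBUG(...)`, so if the underlying parser implementation rejects one of these features the constructor carries on with that external-entity path still enabled and nothing outside debug logging records it. Because these `setFeature` calls are the XXE hardening, a failure here should be reported more prominently, or the factory should not be handed out when a feature cannot be turned off; the constructor continues past this hunk, so whether later code compensates is not visible here. The unrolled form exists only so the scanner recognises the hardening, and a short comment such as `// Separate literal setFeature calls so static analysis (cid#1608302) sees the XXE hardening; do not fold back into a loop` would keep a later cleanup from reverting it.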