cid#1608302 XML external entity processing enabled
reformat to get it seen by scanner Change-Id: I44ce2c6ecd24e81e3b146b7f8b42b51f7d426e90 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171731 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
This commit is contained in:
parent
941c0614ff
commit
85acb1724e
1 changed files with 15 additions and 11 deletions
|
@ -64,18 +64,22 @@ public class XMLParserFactory {
|
||||||
public DefaultParser() {
|
public DefaultParser() {
|
||||||
factory = DocumentBuilderFactory.newInstance();
|
factory = DocumentBuilderFactory.newInstance();
|
||||||
|
|
||||||
String[] featuresToDisable = {
|
|
||||||
"http://xml.org/sax/features/external-general-entities",
|
|
||||||
"http://xml.org/sax/features/external-parameter-entities",
|
|
||||||
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
|
|
||||||
};
|
|
||||||
|
|
||||||
for (String feature : featuresToDisable) {
|
|
||||||
try {
|
try {
|
||||||
factory.setFeature(feature, false);
|
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||||
} catch (ParserConfigurationException e) {
|
} catch (ParserConfigurationException e) {
|
||||||
LogUtils.DEBUG(LogUtils.getTrace(e));
|
LogUtils.DEBUG(LogUtils.getTrace(e));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
||||||
|
} catch (ParserConfigurationException e) {
|
||||||
|
LogUtils.DEBUG(LogUtils.getTrace(e));
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
||||||
|
} catch (ParserConfigurationException e) {
|
||||||
|
LogUtils.DEBUG(LogUtils.getTrace(e));
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
Loading…
Reference in a new issue