cid#1608302 XML external entity processing enabled
reformat to get it seen by scanner Change-Id: I44ce2c6ecd24e81e3b146b7f8b42b51f7d426e90 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171731 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
This commit is contained in:
parent
941c0614ff
commit
85acb1724e
1 changed files with 15 additions and 11 deletions
|
@ -64,18 +64,22 @@ public class XMLParserFactory {
|
|||
public DefaultParser() {
|
||||
factory = DocumentBuilderFactory.newInstance();
|
||||
|
||||
String[] featuresToDisable = {
|
||||
"http://xml.org/sax/features/external-general-entities",
|
||||
"http://xml.org/sax/features/external-parameter-entities",
|
||||
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
|
||||
};
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
LogUtils.DEBUG(LogUtils.getTrace(e));
|
||||
}
|
||||
|
||||
for (String feature : featuresToDisable) {
|
||||
try {
|
||||
factory.setFeature(feature, false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
LogUtils.DEBUG(LogUtils.getTrace(e));
|
||||
}
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
LogUtils.DEBUG(LogUtils.getTrace(e));
|
||||
}
|
||||
|
||||
try {
|
||||
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
LogUtils.DEBUG(LogUtils.getTrace(e));
|
||||
}
|
||||
|
||||
try {
|
||||
|
|
Loading…
Reference in a new issue