svn commit: r1833710 - /ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java

Mon, 18 Jun 2018 05:27:01 -0700 

Author: taher
Date: Mon Jun 18 12:26:36 2018
New Revision: 1833710

URL: http://svn.apache.org/viewvc?rev=1833710&view=rev
Log:
Applied trunk fix on revision r1833708 (OFBIZ-10435)

Modified:
    
ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java

Modified: 
ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java
URL: 
http://svn.apache.org/viewvc/ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java?rev=1833710&r1=1833709&r2=1833710&view=diff
==============================================================================
--- 
ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java
 (original)
+++ 
ofbiz/branches/release16.11/framework/base/src/main/java/org/apache/ofbiz/base/util/UtilXml.java
 Mon Jun 18 12:26:36 2018
@@ -431,6 +431,12 @@ public final class UtilXml {
         factory.setAttribute("http://xml.org/sax/features/validation";, 
validate);
         
factory.setAttribute("http://apache.org/xml/features/validation/schema";, 
validate);
 
+        
factory.setFeature("http://xml.org/sax/features/external-general-entities";, 
false);
+        
factory.setFeature("http://xml.org/sax/features/external-parameter-entities";, 
false);
+        
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd";,
 false);
+        factory.setXIncludeAware(false);
+        factory.setExpandEntityReferences(false);
+
         // with a SchemaUrl, a URL object
         DocumentBuilder builder = factory.newDocumentBuilder();
         if (validate) {

Reply via email to