List of usage examples for org.jdom2.input SAXBuilder createParser
protected XMLReader createParser() throws JDOMException
From source file:com.rometools.rome.io.WireFeedInput.java
License:Open Source License
/** * Creates and sets up a org.jdom2.input.SAXBuilder for parsing. * * @return a new org.jdom2.input.SAXBuilder object *//* w w w.j a va2s .co m*/ protected SAXBuilder createSAXBuilder() { SAXBuilder saxBuilder; if (validate) { saxBuilder = new SAXBuilder(XMLReaders.DTDVALIDATING); } else { saxBuilder = new SAXBuilder(XMLReaders.NONVALIDATING); } saxBuilder.setEntityResolver(RESOLVER); // // This code is needed to fix the security problem outlined in // http://www.securityfocus.com/archive/1/297714 // // Unfortunately there isn't an easy way to check if an XML parser // supports a particular feature, so // we need to set it and catch the exception if it fails. We also need // to subclass the JDom SAXBuilder // class in order to get access to the underlying SAX parser - otherwise // the features don't get set until // we are already building the document, by which time it's too late to // fix the problem. // // Crimson is one parser which is known not to support these features. try { final XMLReader parser = saxBuilder.createParser(); setFeature(saxBuilder, parser, "http://xml.org/sax/features/external-general-entities", false); setFeature(saxBuilder, parser, "http://xml.org/sax/features/external-parameter-entities", false); setFeature(saxBuilder, parser, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false); if (!allowDoctypes) { setFeature(saxBuilder, parser, "http://apache.org/xml/features/disallow-doctype-decl", true); } } catch (final JDOMException e) { throw new IllegalStateException("JDOM could not create a SAX parser"); } saxBuilder.setExpandEntities(false); return saxBuilder; }
From source file:com.sun.syndication.io.WireFeedInput.java
License:Open Source License
/** * Creates and sets up a org.jdom2.input.SAXBuilder for parsing. * //from www. ja v a 2 s .co m * @return a new org.jdom2.input.SAXBuilder object */ protected SAXBuilder createSAXBuilder() { SAXBuilder saxBuilder = new SAXBuilder(_validate); saxBuilder.setEntityResolver(RESOLVER); // // This code is needed to fix the security problem outlined in http://www.securityfocus.com/archive/1/297714 // // Unfortunately there isn't an easy way to check if an XML parser supports a particular feature, so // we need to set it and catch the exception if it fails. We also need to subclass the JDom SAXBuilder // class in order to get access to the underlying SAX parser - otherwise the features don't get set until // we are already building the document, by which time it's too late to fix the problem. // // Crimson is one parser which is known not to support these features. try { XMLReader parser = saxBuilder.createParser(); try { parser.setFeature("http://xml.org/sax/features/external-general-entities", false); saxBuilder.setFeature("http://xml.org/sax/features/external-general-entities", false); } catch (SAXNotRecognizedException e) { // ignore } catch (SAXNotSupportedException e) { // ignore } try { parser.setFeature("http://xml.org/sax/features/external-parameter-entities", false); saxBuilder.setFeature("http://xml.org/sax/features/external-parameter-entities", false); } catch (SAXNotRecognizedException e) { // ignore } catch (SAXNotSupportedException e) { // ignore } try { parser.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); saxBuilder.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); } catch (SAXNotRecognizedException e) { // ignore } catch (SAXNotSupportedException e) { // ignore } } catch (JDOMException e) { throw new IllegalStateException("JDOM could not create a SAX parser"); } saxBuilder.setExpandEntities(false); return saxBuilder; }