List of usage examples for org.jdom2.input SAXBuilder setExpandEntities
public void setExpandEntities(final boolean expand)
This sets whether or not to expand entities for the builder.
From source file:com.googlesource.gerrit.plugins.manifest.ManifestXml.java
License:Apache License
public ManifestXml(String xml) throws IOException, ParserConfigurationException, SAXException, JDOMException { // Insert a unique identifier for entity definitions to prevent them from // getting expanded during the parse genReplacementText(xml);// w w w.j ava 2 s .c o m xml = xml.replaceAll("&([^;]*);", replacementText + "$1;"); SAXBuilder builder = new SAXBuilder(); builder.setSAXHandlerFactory(new SAXHandlerFactory() { @Override public SAXHandler createSAXHandler(JDOMFactory jdomFactory) { return new SAXHandler() { @Override public void attributeDecl(String eName, String aName, String type, String valueDefault, String value) { dtdAttributes.add(new DTDAttribute(eName, aName, type, valueDefault, value)); super.attributeDecl(eName, aName, type, valueDefault, value); } }; } }); builder.setExpandEntities(false); doc = builder.build(new InputSource(new StringReader(xml))); }
From source file:com.rometools.rome.io.WireFeedInput.java
License:Open Source License
/** * Creates and sets up a org.jdom2.input.SAXBuilder for parsing. * * @return a new org.jdom2.input.SAXBuilder object *//*from w ww . j ava 2s . c o m*/ protected SAXBuilder createSAXBuilder() { SAXBuilder saxBuilder; if (validate) { saxBuilder = new SAXBuilder(XMLReaders.DTDVALIDATING); } else { saxBuilder = new SAXBuilder(XMLReaders.NONVALIDATING); } saxBuilder.setEntityResolver(RESOLVER); // // This code is needed to fix the security problem outlined in // http://www.securityfocus.com/archive/1/297714 // // Unfortunately there isn't an easy way to check if an XML parser // supports a particular feature, so // we need to set it and catch the exception if it fails. We also need // to subclass the JDom SAXBuilder // class in order to get access to the underlying SAX parser - otherwise // the features don't get set until // we are already building the document, by which time it's too late to // fix the problem. // // Crimson is one parser which is known not to support these features. try { final XMLReader parser = saxBuilder.createParser(); setFeature(saxBuilder, parser, "http://xml.org/sax/features/external-general-entities", false); setFeature(saxBuilder, parser, "http://xml.org/sax/features/external-parameter-entities", false); setFeature(saxBuilder, parser, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false); if (!allowDoctypes) { setFeature(saxBuilder, parser, "http://apache.org/xml/features/disallow-doctype-decl", true); } } catch (final JDOMException e) { throw new IllegalStateException("JDOM could not create a SAX parser"); } saxBuilder.setExpandEntities(false); return saxBuilder; }
From source file:com.sun.syndication.io.WireFeedInput.java
License:Open Source License
/** * Creates and sets up a org.jdom2.input.SAXBuilder for parsing. * //from ww w .ja v a 2s . com * @return a new org.jdom2.input.SAXBuilder object */ protected SAXBuilder createSAXBuilder() { SAXBuilder saxBuilder = new SAXBuilder(_validate); saxBuilder.setEntityResolver(RESOLVER); // // This code is needed to fix the security problem outlined in http://www.securityfocus.com/archive/1/297714 // // Unfortunately there isn't an easy way to check if an XML parser supports a particular feature, so // we need to set it and catch the exception if it fails. We also need to subclass the JDom SAXBuilder // class in order to get access to the underlying SAX parser - otherwise the features don't get set until // we are already building the document, by which time it's too late to fix the problem. // // Crimson is one parser which is known not to support these features. try { XMLReader parser = saxBuilder.createParser(); try { parser.setFeature("http://xml.org/sax/features/external-general-entities", false); saxBuilder.setFeature("http://xml.org/sax/features/external-general-entities", false); } catch (SAXNotRecognizedException e) { // ignore } catch (SAXNotSupportedException e) { // ignore } try { parser.setFeature("http://xml.org/sax/features/external-parameter-entities", false); saxBuilder.setFeature("http://xml.org/sax/features/external-parameter-entities", false); } catch (SAXNotRecognizedException e) { // ignore } catch (SAXNotSupportedException e) { // ignore } try { parser.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); saxBuilder.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); } catch (SAXNotRecognizedException e) { // ignore } catch (SAXNotSupportedException e) { // ignore } } catch (JDOMException e) { throw new IllegalStateException("JDOM could not create a SAX parser"); } saxBuilder.setExpandEntities(false); return saxBuilder; }
From source file:ilarkesto.integration.jdom.JDom.java
License:Open Source License
private static SAXBuilder createSaxBuilder() { SAXBuilder builder = new SAXBuilder(false); builder.setExpandEntities(false); builder.setValidation(false);//ww w . ja v a 2 s. c om builder.setEntityResolver(DUMMY_ENTITY_RESOLVER); return builder; }
From source file:password.pwm.util.java.XmlUtil.java
License:Open Source License
private static SAXBuilder getBuilder() { final SAXBuilder builder = new SAXBuilder(); builder.setExpandEntities(false); builder.setValidation(false);//ww w . j av a 2 s . c o m builder.setFeature("http://xml.org/sax/features/resolve-dtd-uris", false); return builder; }