Repository: knox Updated Branches: refs/heads/master 5f9ee5a08 -> 9b5665be7
KNOX-1201 - Disable DocTypes Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9b5665be Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9b5665be Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9b5665be Branch: refs/heads/master Commit: 9b5665be7016f3a574702d0ac843e9e677214dc5 Parents: 5f9ee5a Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu Mar 8 11:01:58 2018 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Mar 8 11:01:58 2018 +0000 ---------------------------------------------------------------------- .../src/main/java/org/apache/knox/gateway/util/XmlUtils.java | 3 +++ 1 file changed, 3 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/9b5665be/gateway-util-common/src/main/java/org/apache/knox/gateway/util/XmlUtils.java ---------------------------------------------------------------------- diff --git a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/XmlUtils.java b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/XmlUtils.java index fc21d4e..b3494fe 100644 --- a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/XmlUtils.java +++ b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/XmlUtils.java @@ -46,6 +46,7 @@ public class XmlUtils { public static Document readXml( InputStream input ) throws ParserConfigurationException, IOException, SAXException { DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder b = f.newDocumentBuilder(); return b.parse( input ); } @@ -53,6 +54,7 @@ public class XmlUtils { public static Document readXml( InputSource source ) throws ParserConfigurationException, IOException, SAXException { DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder b = f.newDocumentBuilder(); return b.parse( source ); } @@ -98,6 +100,7 @@ public class XmlUtils { public static Document createDocument(boolean standalone) throws ParserConfigurationException { DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder b = f.newDocumentBuilder(); Document d = b.newDocument(); d.setXmlStandalone( standalone );