Commit

Fix XXE warning
jumperchen committed Dec 6, 2023
1 parent 7c9456a commit 8a94e3e
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion zcommon/src/main/java/org/zkoss/idom/input/SAXBuilder.java
Expand Up @@ -90,7 +90,10 @@ public SAXBuilder(boolean nsaware, boolean validate)
// Fix XML external entity injection
fty.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
fty.setFeature("http://xml.org/sax/features/external-general-entities", false);


// Fix Resolving XML external entity in user-controlled data
fty.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

// SAX2 namespace-prefixes should be true for either builder
setSafeFeature(fty, "http://xml.org/sax/features/namespace-prefixes", true);
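Review bot: the added `disallow-doctype-decl` line is applied unconditionally, although this constructor takes a `validate` flag. With the feature on, the parser rejects any document that contains a DOCTYPE declaration, so if `validate` is meant to enable DTD validation, a validating builder can no longer parse the documents it is supposed to validate. Please either state in the constructor's Javadoc that DOCTYPE declarations are now always rejected, or decide explicitly how `validate == true` should behave. Second, the feature URI is in the `apache.org` namespace and is set with `fty.setFeature(...)` directly, while the line below it uses `setSafeFeature(...)`. Failing hard when the parser does not recognize a security feature is a reasonable choice, but a short comment saying this is intentional would stop someone from later "tidying" it into `setSafeFeature` and silently losing the protection. Finally, the new comment reads like a scanner finding title; something like "Reject DOCTYPE declarations entirely" describes what the line does, and one of the two added blank lines can go.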

