List of usage examples for javax.xml XMLConstants FEATURE_SECURE_PROCESSING
String FEATURE_SECURE_PROCESSING
To view the source code for javax.xml XMLConstants FEATURE_SECURE_PROCESSING.
Click Source Link
From source file:Main.java
public static Document createNewDocument() throws Exception { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); dbf.setNamespaceAware(true);// w w w . j a v a2s. co m return dbf.newDocumentBuilder().newDocument(); }
From source file:Main.java
/** * potentially unsafe XML transformation. * @param source The XML input to transform. * @param out The Result of transforming the <code>source</code>. *///from www. j av a 2s . c o m private static void _transform(Source source, Result out) throws TransformerException { TransformerFactory factory = TransformerFactory.newInstance(); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // this allows us to use UTF-8 for storing data, // plus it checks any well-formedness issue in the submitted data. Transformer t = factory.newTransformer(); t.transform(source, out); }
From source file:Main.java
public static Document getXmlDocFromURI(InputStream is) throws Exception { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); dbf.setNamespaceAware(true);/*from ww w. jav a2 s.co m*/ return dbf.newDocumentBuilder().parse(is); }
From source file:Main.java
public static Document createNewDocument() throws Exception { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true);/* w w w. ja v a 2 s.c om*/ dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); //dbf.setIgnoringElementContentWhitespace(true); return dbf.newDocumentBuilder().newDocument(); }
From source file:Main.java
/** * @param is//from w ww. j a v a2 s.c om * @return * @throws ParserConfigurationException * @throws IOException * @throws SAXException */ public static Document parseInputStream(InputStream is) throws IOException { try { DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setNamespaceAware(false); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder builder = domFactory.newDocumentBuilder(); return builder.parse(is); } catch (Exception e) { throw new IOException("Error parsing XML Stream", e); } }
From source file:Main.java
/** * Writes XML Document into an xml file. * // w w w .jav a 2 s. c o m * @param fileName the target file with the full path * @param document the source document * @return boolean true if the file saved * @throws Exception */ public static boolean writeXmlFile(String fileName, Document document) throws Exception { // creating and writing to xml file File file = new File(fileName); TransformerFactory transformerFactory = TransformerFactory.newInstance(); transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // to prevent XML External Entities attack Transformer transformer = transformerFactory.newTransformer(); transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); transformer.setOutputProperty(OutputKeys.INDENT, "yes"); transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2"); transformer.transform(new DOMSource(document), new StreamResult(file)); return true; }
From source file:Main.java
/** * Create a new SAXParser which processes XML securely. * * @return a SAXParser//w ww . j av a 2 s.c o m */ public static SAXParser createSaxParser() { SAXParserFactory spf = SAXParserFactory.newInstance(); try { spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return spf.newSAXParser(); } catch (ParserConfigurationException | SAXException e) { throw new IllegalStateException(e); } }
From source file:Main.java
public static Transformer getTransformer(boolean standalone, boolean indent, int indentNumber, boolean omitXmlDeclaration) throws TransformerException { TransformerFactory f = TransformerFactory.newInstance(); f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); if (indent) { f.setAttribute("indent-number", indentNumber); }//from w w w . jav a 2 s . c om Transformer t = f.newTransformer(); if (standalone) { t.setOutputProperty(OutputKeys.STANDALONE, "yes"); } if (indent) { t.setOutputProperty(OutputKeys.INDENT, "yes"); t.setOutputProperty("{xml.apache.org/xslt}indent-amount", "" + indentNumber); } if (omitXmlDeclaration) { t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); } return t; }
From source file:Main.java
/** * Create a new DocumentBuilder which processes XML securely. * * @return a DocumentBuilder// w ww. java 2 s .c o m */ public static DocumentBuilder createDocumentBuilder() { try { DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return documentBuilderFactory.newDocumentBuilder(); } catch (ParserConfigurationException e) { throw new IllegalStateException(e); } }
From source file:Main.java
public static Document createDocument(boolean standalone) throws ParserConfigurationException { DocumentBuilderFactory f = DocumentBuilderFactory.newInstance(); f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); DocumentBuilder b = f.newDocumentBuilder(); Document d = b.newDocument(); d.setXmlStandalone(standalone);/*from w ww . j a va 2 s.c o m*/ return d; }