jaxws/src/jdk.xml.ws/share/classes/com/sun/tools/internal/ws/wsdl/parser/DOMForest.java
*** 1,7 ****
/*
! * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 113,128 ****
this.errorReceiver = errReceiver;
this.logic = logic;
try {
// secure xml processing can be switched off if input requires it
boolean secureProcessingEnabled = options == null || !options.disableXmlSecurity;
! DocumentBuilderFactory dbf = XmlUtil.newDocumentBuilderFactory(secureProcessingEnabled);
dbf.setNamespaceAware(true);
this.documentBuilder = dbf.newDocumentBuilder();
this.parserFactory = XmlUtil.newSAXParserFactory(secureProcessingEnabled);
this.parserFactory.setNamespaceAware(true);
} catch (ParserConfigurationException e) {
throw new AssertionError(e);
}
}
--- 113,142 ----
this.errorReceiver = errReceiver;
this.logic = logic;
try {
// secure xml processing can be switched off if input requires it
boolean secureProcessingEnabled = options == null || !options.disableXmlSecurity;
! DocumentBuilderFactory dbf = XmlUtil.newDocumentBuilderFactory(!secureProcessingEnabled);
dbf.setNamespaceAware(true);
this.documentBuilder = dbf.newDocumentBuilder();
this.parserFactory = XmlUtil.newSAXParserFactory(secureProcessingEnabled);
this.parserFactory.setNamespaceAware(true);
+
+ if(secureProcessingEnabled){
+ dbf.setExpandEntityReferences(false);
+ try {
+ parserFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ parserFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ parserFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ } catch (SAXNotRecognizedException e){
+ throw new ParserConfigurationException(e.getMessage());
+ } catch (SAXNotSupportedException e) {
+ throw new ParserConfigurationException(e.getMessage());
+ }
+ }
+
} catch (ParserConfigurationException e) {
throw new AssertionError(e);
}
}
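Review bot: `dbf.setExpandEntityReferences(false)` in the new `if(secureProcessingEnabled)` block runs after `this.documentBuilder = dbf.newDocumentBuilder()`, so the builder kept on the instance was already created with the factory's earlier setting and the call does not reach it. Move it up next to `dbf.setNamespaceAware(true)`, as `if (secureProcessingEnabled) dbf.setExpandEntityReferences(false);`, before the builder is created. The DOCTYPE and external-entity features are applied only to `parserFactory`, so the DOM side depends entirely on what `XmlUtil.newDocumentBuilderFactory` configures, which is not visible in this hunk (the constructor also begins outside it). The two adjacent factory calls now receive opposite values, `!secureProcessingEnabled` and `secureProcessingEnabled`. Unless the two XmlUtil methods take flags of opposite meaning, one factory ends up with secure processing off in the default case, so this should be checked against their signatures. The two catch clauses also drop the original exception; `throw (ParserConfigurationException) new ParserConfigurationException(e.getMessage()).initCause(e);` would keep the cause in the resulting AssertionError.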