@Nullable
private JAXBTYPE _readSecurelyFromInputSource(@Nonnull final InputSource aInputSource) {
// Initialize settings with defaults
final SAXReaderSettings aSettings = new SAXReaderSettings();
if (m_bReadSecure) {
// Apply settings that make reading more secure
aSettings.setFeatureValues(EXMLParserFeature.AVOID_XML_ATTACKS);
}
// Create new XML reader
final org.xml.sax.XMLReader aParser = SAXReaderFactory.createXMLReader();
// Apply settings
aSettings.applyToSAXReader(aParser);
return read(new SAXSource(aParser, aInputSource));
}
/**
* Set additional SAX reader settings that are used when an XHTML fragment is read. All settings
* are reused when parsing except for the entity resolver which is always set to the default
* {@link HTMLEntityResolver}.
*
* @param aAdditionalSaxReaderSettings The settings to be used. May be <code>null</code>.
*/
public void setAdditionalSAXReaderSettings(
@Nullable final ISAXReaderSettings aAdditionalSaxReaderSettings) {
this.m_aAdditionalSAXReaderSettings =
SAXReaderSettings.createCloneOnDemand(aAdditionalSaxReaderSettings);
}