/**
 * Reads a JAXB object from the given SAX input source through a newly created XML reader.
 *
 * <p>If {@code m_bReadSecure} is set, the {@code EXMLParserFeature.AVOID_XML_ATTACKS} feature
 * values are put into the settings before they are applied to the reader. If it is not set, this
 * method adds no hardening of its own and the reader is configured only with what a
 * default-constructed {@code SAXReaderSettings} applies, so callers that handle untrusted XML
 * should keep secure reading enabled.
 *
 * @param aInputSource the source to parse; must not be {@code null}
 * @return the value returned by {@code read(SAXSource)}; may be {@code null}
 */
@Nullable
  private JAXBTYPE _readSecurelyFromInputSource(@Nonnull final InputSource aInputSource) {
    // Start from the default reader settings; hardening is layered on top only when requested.
    final SAXReaderSettings aReaderSettings = new SAXReaderSettings();
    if (m_bReadSecure) {
      // NOTE(review): presumably this disables DTD / external entity processing - confirm the
      // exact feature set against EXMLParserFeature.AVOID_XML_ATTACKS.
      aReaderSettings.setFeatureValues(EXMLParserFeature.AVOID_XML_ATTACKS);
    }

    // Fresh reader for this call; the settings are applied to it before any parsing starts.
    final org.xml.sax.XMLReader aXMLReader = SAXReaderFactory.createXMLReader();
    aReaderSettings.applyToSAXReader(aXMLReader);

    // Hand the configured reader together with the input over to the SAXSource based read.
    final SAXSource aSAXSource = new SAXSource(aXMLReader, aInputSource);
    return read(aSAXSource);
  }
 /**
  * Store the SAX reader settings that are additionally used whenever an XHTML fragment is read.
  * Every setting is reused for parsing, with one exception: the entity resolver is always set to
  * the default {@link HTMLEntityResolver}.
  *
  * <p>The field receives the value returned by
  * {@code SAXReaderSettings.createCloneOnDemand(...)}, not necessarily the passed object itself.
  * NOTE(review): these settings presumably decide which parser features are active for fragment
  * parsing, so any hardening wanted for untrusted XHTML has to be part of them - confirm at the
  * place where they are applied.
  *
  * @param aAdditionalSaxReaderSettings The settings to be used. May be <code>null</code>.
  */
 public void setAdditionalSAXReaderSettings(
     @Nullable final ISAXReaderSettings aAdditionalSaxReaderSettings) {
   // Let the factory decide whether a copy is required before the settings are kept.
   final var aStoredSettings =
       SAXReaderSettings.createCloneOnDemand(aAdditionalSaxReaderSettings);
   m_aAdditionalSAXReaderSettings = aStoredSettings;
 }