anonymous /gist:5599156

Disallowing XML external entities in Java DocumentBuilderFactory.
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; // catching unsupported features

DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
try {
    // Xerces 1 -
    // Xerces 2 -
    dbf.setFeature("", false);

    // Xerces 2 only -
    dbf.setFeature("", false);

    // remaining parser logic
} catch (ParserConfigurationException e) {
    // Tried an unsupported feature. This may indicate that a different XML processor is being
    // used. If so, then its features need to be researched and applied correctly.
    // For example, using the Xerces 2 feature above on a Xerces 1 processor will throw this
    // exception.
} catch ... {