Skip to content

Instantly share code, notes, and snippets.

Created May 17, 2013

What would you like to do?
Disallowing XML external entities in Java DocumentBuilderFactory.
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; // catching unsupported features
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
try {
// Xerces 1 -
// Xerces 2 -
dbf.setFeature("", false);
// Xerces 2 only -
dbf.setFeature("", false);
// remaining parser logic
} catch (ParserConfigurationException e) {
// Tried an unsupported feature. This may indicate that a different XML processor is being
// used. If so, then its features need to be researched and applied correctly.
// For example, using the Xerces 2 feature above on a Xerces 1 processor will throw this
// exception.
} catch ... {
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.