[SECURITY-167] defend against XXE attacks.
Added a new EntityResolver that will throw an exception if any attempts are made to load external entities. Made the transforer use SAX so that we can use out EntityResolover. As we can't defend against calls that have already parsed the xml (e.g. DOMSource) if we are parsed one of those throw an exception (which can be disabled with a System property.
Please register or sign in to comment