Commit d6e14b1e authored by James Nord

[SECURITY-167] defend against XXE attacks.

Added a new EntityResolver that will throw an exception if any attempts
are made to load external entities.
Made the transformer use SAX so that we can use our EntityResolver.

As we can't defend against calls that have already parsed the XML (e.g.
DOMSource), if we are passed one of those throw an exception (which can be
disabled with a System property).
parent 889b46cc
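
A sketch of the approach the commit message describes, added here as an illustration and not taken from the commit's diff, which this page does not show: unparsed input is re-read through a SAX `XMLReader` whose `EntityResolver` throws, and an already-parsed source is refused unless a system property opts out. The class name, the property name `example.xxe.allowPreParsedSource` and the sample documents are assumptions.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.Source;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import org.xml.sax.*;

public class XxeSafeTransform {
    // Hypothetical property name; the commit's real property is not shown on this page.
    static final String ALLOW_PREPARSED = "example.xxe.allowPreParsedSource";
    // Throws instead of fetching, so no external DTD or entity is ever loaded.
    static final EntityResolver REJECT_ALL = (publicId, systemId) -> {
        throw new SAXException("External entity refused: " + systemId);
    };

    static String transform(Source in) throws Exception {
        // Null when the source cannot be turned into an InputSource (e.g. DOMSource).
        InputSource raw = SAXSource.sourceToInputSource(in);
        Source safe;
        if (raw != null) {
            SAXParserFactory f = SAXParserFactory.newInstance();
            f.setNamespaceAware(true);
            XMLReader reader = f.newSAXParser().getXMLReader();
            reader.setEntityResolver(REJECT_ALL);
            safe = new SAXSource(reader, raw);   // parsing now goes through our resolver
        } else if (Boolean.getBoolean(ALLOW_PREPARSED)) {
            safe = in;                           // caller explicitly disabled the check
        } else {
            throw new IllegalArgumentException("Already-parsed source cannot be checked: " + in.getClass());
        }
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(safe, new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; the file: URI is a placeholder that is never opened.
        String external = "<!DOCTYPE r [<!ENTITY x SYSTEM \"file:///placeholder\">]><r>&x;</r>";
        System.out.println(transform(new StreamSource(new StringReader("<r>ok</r>"))));
        try {
            transform(new StreamSource(new StringReader(external)));
        } catch (Exception e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```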