如何禁用XML外部实体(XEE)在SAXBuilder的处理其中使用com.sun.org.apache.xerces.internal.parsers.SAXParser
问题描述:
这里是我的代码片段:如何禁用XML外部实体(XEE)在SAXBuilder的处理其中使用com.sun.org.apache.xerces.internal.parsers.SAXParser
public static SAXBuilder createBuilder(@NotNull final String schemaPath) {
final SAXBuilder builder = new SAXBuilder("com.sun.org.apache.xerces.internal.parsers.SAXParser", true);
builder.setFeature("http://apache.org/xml/features/validation/schema", true);
builder.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl",true);
builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
builder.setExpandEntities(false);
builder.setProperty("http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation", schemaPath);
builder.setEntityResolver(getEntityResolver());
return builder;
}
我花了一些时间来寻找,但没有太多的留在那里
答
我确定了这个问题的根本原因。这是因为我的xsd中的processContents="lax"
属性