Package org.wildfly.common.xml

Class XMLReaderFactoryUtil

java.lang.Object

org.wildfly.common.xml.XMLReaderFactoryUtil

public final class XMLReaderFactoryUtil
extends Object

Factory provides XMLReaderFactory with secure defaults set. Properties not supported generate a warning, but the factory process creation will continue and return a result. Settings based on recommendations of Sonarcloud RSPEC-2755 and OWASP XML External Entity Prevention Cheatsheet.

• FactoryConstants.APACHE_DISALLOW_DOCTYPE_DECL is set to true.
• FactoryConstants.APACHE_LOAD_EXTERNAL_DTD is set to false.
• FactoryConstants.XML_EXTERNAL_GENERAL_ENTITIES is set to false.
• FactoryConstants.XML_EXTERNAL_PARAMETER_ENTITIES is set to false.

Since:

1.6.0.Final

Author:

Boris Unckel

Method Summary

Modifier and Type	Method	Description
static XMLReader	create()	Factory generated with secure defaults.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

create

@NotNull
public static XMLReader create()
                        throws SAXException

Factory generated with secure defaults.

Returns:

an instance of the XMLInputFactory.

Throws:

SAXException