56 lines
2.5 KiB
Java
56 lines
2.5 KiB
Java
/* ====================================================================
|
|
Licensed to the Apache Software Foundation (ASF) under one or more
|
|
contributor license agreements. See the NOTICE file distributed with
|
|
this work for additional information regarding copyright ownership.
|
|
The ASF licenses this file to You under the Apache License, Version 2.0
|
|
(the "License"); you may not use this file except in compliance with
|
|
the License. You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
==================================================================== */
|
|
|
|
package org.apache.poi.util;
|
|
|
|
import javax.xml.XMLConstants;
|
|
import javax.xml.parsers.DocumentBuilderFactory;
|
|
|
|
/**
|
|
* Helper methods for working with javax.xml classes.
|
|
*/
|
|
public final class XMLHelper
|
|
{
|
|
private static POILogger logger = POILogFactory.getLogger(XMLHelper.class);
|
|
|
|
/**
|
|
* Creates a new DocumentBuilderFactory, with sensible defaults
|
|
*/
|
|
public static DocumentBuilderFactory getDocumentBuilderFactory() {
|
|
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
|
factory.setExpandEntityReferences(false);
|
|
trySetSAXFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
|
trySetSAXFeature(factory, "http://xml.org/sax/features/external-general-entities", false);
|
|
trySetSAXFeature(factory, "http://xml.org/sax/features/external-parameter-entities", false);
|
|
trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
|
trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false);
|
|
return factory;
|
|
}
|
|
|
|
private static void trySetSAXFeature(DocumentBuilderFactory documentBuilderFactory, String feature, boolean enabled) {
|
|
try {
|
|
documentBuilderFactory.setFeature(feature, enabled);
|
|
} catch (Exception e) {
|
|
logger.log(POILogger.WARN, "SAX Feature unsupported", feature, e);
|
|
} catch (AbstractMethodError ame) {
|
|
logger.log(POILogger.WARN, "Cannot set SAX feature because outdated XML parser in classpath", feature, ame);
|
|
}
|
|
}
|
|
|
|
|
|
}
|