svn commit: r1875860 - /poi/trunk/src/java/org/apache/poi/util/XMLHelper.java

Sun, 29 Mar 2020 07:55:51 -0700 

Author: kiwiwings
Date: Sun Mar 29 14:55:31 2020
New Revision: 1875860

URL: http://svn.apache.org/viewvc?rev=1875860&view=rev
Log:
Sonar Fixes - try to fix XXE warnings

Modified:
    poi/trunk/src/java/org/apache/poi/util/XMLHelper.java

Modified: poi/trunk/src/java/org/apache/poi/util/XMLHelper.java
URL: 
http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/util/XMLHelper.java?rev=1875860&r1=1875859&r2=1875860&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/util/XMLHelper.java (original)
+++ poi/trunk/src/java/org/apache/poi/util/XMLHelper.java Sun Mar 29 14:55:31 
2020
@@ -219,6 +219,7 @@ public final class XMLHelper {
         trySet(factory::setFeature, FEATURE_SECURE_PROCESSING, true);
         trySet(factory::setAttribute, ACCESS_EXTERNAL_DTD, "");
         trySet(factory::setAttribute, ACCESS_EXTERNAL_STYLESHEET, "");
+        trySet(factory::setAttribute, ACCESS_EXTERNAL_SCHEMA, "");
         return factory;
     }
 
@@ -235,6 +236,7 @@ public final class XMLHelper {
         SchemaFactory factory = 
SchemaFactory.newInstance(W3C_XML_SCHEMA_NS_URI);
         trySet(factory::setFeature, FEATURE_SECURE_PROCESSING, true);
         trySet(factory::setProperty, ACCESS_EXTERNAL_DTD, "");
+        trySet(factory::setProperty, ACCESS_EXTERNAL_STYLESHEET, "");
         trySet(factory::setProperty, ACCESS_EXTERNAL_SCHEMA, "");
         return factory;
     }



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to