Hi, How can we achieve the $subject? I have tried below code
String fileData = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><!DOCTYPE sampleVal [ <!ENTITY sampleVal SYSTEM \"file:///media/sample\">]><configuration><driverClassName>com.mysql.jdbc.Driver</driverClassName><url>jdbc:mysql://localhost:3306/test</url><username>&sampleVal;</username><password encrypted=\"true\">test</password></configuration>"; TransformerFactory transformerFactory = TransformerFactory.newInstance(); transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); Transformer transformer = transformerFactory.newTransformer(); StringWriter buff = new StringWriter(); transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); transformer.transform(new StreamSource(new StringReader(fileData)), new StreamResult(buff)); System.out.println(buff.toString()); but it still expands the DTD and replace the value in xml. result is as below <!DOCTYPE acunetix [ <!ENTITY acunetixent SYSTEM "file:///media/rajith/Office/Wso2/support/DHSDEV-1/sample" > ]> <configuration><driverClassName>com.mysql.jdbc.Driver</driverClassName><url>jdbc:mysql://localhost:3306/test</url><username>test </username><password encrypted="true">test123</password></configuration> which contains the expanded dtd value. Appreciate any pointers regarding this. Note that underlying we are using "org.apache.xalan.processor.TransformerFactoryImpl" and it doesn't support the "XMLConstants.ACCESS_EXTERNAL_DTD" feature as well. Thanks, -- Rajith Vitharana Software Engineer, WSO2 Inc. : wso2.com Mobile : +94715883223 Blog : http://lankavitharana.blogspot.com/
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev