public class XMLReaderUtils
extends java.lang.Object
implements java.io.Serializable
OfflineContentHandler
to guard against
XML External Entity attacks.Modifier and Type | Field and Description |
---|---|
static int |
DEFAULT_MAX_ENTITY_EXPANSIONS |
static int |
DEFAULT_POOL_SIZE
Default size for the pool of SAX Parsers
and the pool of DOM builders
|
Constructor and Description |
---|
XMLReaderUtils() |
Modifier and Type | Method and Description |
---|---|
static org.w3c.dom.Document |
buildDOM(java.io.InputStream is)
Builds a Document with a DocumentBuilder from the pool
|
static org.w3c.dom.Document |
buildDOM(java.io.InputStream is,
ParseContext context)
This checks context for a user specified
DocumentBuilder . |
static org.w3c.dom.Document |
buildDOM(java.nio.file.Path path)
Builds a Document with a DocumentBuilder from the pool
|
static org.w3c.dom.Document |
buildDOM(java.lang.String uriString)
Builds a Document with a DocumentBuilder from the pool
|
static java.lang.String |
getAttrValue(java.lang.String localName,
org.xml.sax.Attributes atts) |
static javax.xml.parsers.DocumentBuilder |
getDocumentBuilder()
Returns the DOM builder specified in this parsing context.
|
static javax.xml.parsers.DocumentBuilderFactory |
getDocumentBuilderFactory()
Returns the DOM builder factory specified in this parsing context.
|
static int |
getMaxEntityExpansions() |
static int |
getPoolSize() |
static javax.xml.parsers.SAXParser |
getSAXParser()
Returns the SAX parser specified in this parsing context.
|
static javax.xml.parsers.SAXParserFactory |
getSAXParserFactory()
Returns the SAX parser factory specified in this parsing context.
|
static javax.xml.transform.Transformer |
getTransformer()
Returns a new transformer
|
static javax.xml.stream.XMLInputFactory |
getXMLInputFactory()
Returns the StAX input factory specified in this parsing context.
|
static org.xml.sax.XMLReader |
getXMLReader()
Returns the XMLReader specified in this parsing context.
|
static void |
parseSAX(java.io.InputStream is,
org.xml.sax.helpers.DefaultHandler contentHandler,
ParseContext context)
This checks context for a user specified
SAXParser . |
static void |
setMaxEntityExpansions(int maxEntityExpansions)
Set the maximum number of entity expansions allowable in SAX/DOM/StAX parsing.
|
static void |
setPoolSize(int poolSize)
Set the pool size for cached XML parsers.
|
public static final int DEFAULT_POOL_SIZE
public static final int DEFAULT_MAX_ENTITY_EXPANSIONS
public static void setMaxEntityExpansions(int maxEntityExpansions)
JAXP_ENTITY_EXPANSION_LIMIT_KEY
and the DEFAULT_MAX_ENTITY_EXPANSIONS
value for allowable entity expansions
NOTE: To trigger a rebuild of the pool of parsers with this setting,
the client must call setPoolSize(int)
to rebuild the SAX and DOM parsers
with this setting.
maxEntityExpansions
- -- maximum number of allowable entity expansionspublic static org.xml.sax.XMLReader getXMLReader() throws TikaException
TikaException
getSAXParser()
public static javax.xml.parsers.SAXParser getSAXParser() throws TikaException
Make sure to wrap your handler in the OfflineContentHandler
to
prevent XML External Entity attacks
If you call reset() on the parser, make sure to replace the SecurityManager which will be cleared by xerces2 on reset().
TikaException
- if a SAX parser could not be createdgetSAXParserFactory()
public static javax.xml.parsers.SAXParserFactory getSAXParserFactory()
secure XML processing
.
Make sure to wrap your handler in the OfflineContentHandler
to
prevent XML External Entity attacks
public static javax.xml.parsers.DocumentBuilderFactory getDocumentBuilderFactory()
public static javax.xml.parsers.DocumentBuilder getDocumentBuilder() throws TikaException
IGNORING_SAX_ENTITY_RESOLVER
,
and it sets the ErrorHandler to null
.TikaException
public static javax.xml.stream.XMLInputFactory getXMLInputFactory()
IGNORING_STAX_ENTITY_RESOLVER
.public static javax.xml.transform.Transformer getTransformer() throws TikaException
The transformer instance is configured to to use
secure XML processing
.
TikaException
- when the transformer can not be createdpublic static org.w3c.dom.Document buildDOM(java.io.InputStream is, ParseContext context) throws TikaException, java.io.IOException, org.xml.sax.SAXException
DocumentBuilder
.
If one is not found, this reuses a DocumentBuilder from the pool.is
- InputStream to parsecontext
- context to useTikaException
java.io.IOException
org.xml.sax.SAXException
public static org.w3c.dom.Document buildDOM(java.nio.file.Path path) throws TikaException, java.io.IOException, org.xml.sax.SAXException
path
- path to parseTikaException
java.io.IOException
org.xml.sax.SAXException
public static org.w3c.dom.Document buildDOM(java.lang.String uriString) throws TikaException, java.io.IOException, org.xml.sax.SAXException
uriString
- uriString to processTikaException
java.io.IOException
org.xml.sax.SAXException
public static org.w3c.dom.Document buildDOM(java.io.InputStream is) throws TikaException, java.io.IOException, org.xml.sax.SAXException
TikaException
java.io.IOException
org.xml.sax.SAXException
public static void parseSAX(java.io.InputStream is, org.xml.sax.helpers.DefaultHandler contentHandler, ParseContext context) throws TikaException, java.io.IOException, org.xml.sax.SAXException
SAXParser
.
If one is not found, this reuses a SAXParser from the pool.is
- InputStream to parsecontentHandler
- handler to usecontext
- context to useTikaException
java.io.IOException
org.xml.sax.SAXException
public static void setPoolSize(int poolSize) throws TikaException
MAX_ENTITY_EXPANSIONS
poolSize
- TikaException
public static int getPoolSize()
public static int getMaxEntityExpansions()
public static java.lang.String getAttrValue(java.lang.String localName, org.xml.sax.Attributes atts)
localName
- atts
- null
if not found"Copyright © 2010 - 2020 Adobe Systems Incorporated. All Rights Reserved"