Package org.wildfly.common.xml

Class SAXParserFactoryUtil

  • public final class SAXParserFactoryUtil
extends java.lang.Object
    Factory provides SAXParserFactory with secure defaults set. Properties not supported generate a warning, but the factory process creation will continue and return a result. Settings based on recommendations of Sonarcloud RSPEC-2755 and OWASP XML External Entity Prevention Cheatsheet.

    • XMLConstants.FEATURE_SECURE_PROCESSING is set to true.
    • FactoryConstants.APACHE_DISALLOW_DOCTYPE_DECL is set to true.
    • FactoryConstants.XML_EXTERNAL_GENERAL_ENTITIES is set to false.
    • FactoryConstants.XML_EXTERNAL_PARAMETER_ENTITIES is set to false.
    Since:
    1.6.0.Final
    Author:
    Boris Unckel

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static javax.xml.parsers.SAXParserFactory create()  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • create

        @NotNull
public static javax.xml.parsers.SAXParserFactory create()