vanitasvitae/Smack
1
0
Fork 0
mirror of https://github.com/vanitasvitae/Smack.git synced 2024-11-17 17:52:06 +01:00
Code Issues Releases Wiki Activity

Merge pull request #438 from Flowdalic/stax-disable-xxe-and-dtd

Browse source 
[xmlparser-stax] Disable external entities and DTD
This commit is contained in:
Florian Schmaus 2020-10-05 09:15:42 +02:00 committed by GitHub
commit 28dd56a13a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
smack-xmlparser-stax/src/main/java/org/jivesoftware/smack/xml/stax/StaxXmlPullParserFactory.java
View file

@ -1,6 +1,6 @@
/**
*
* Copyright 2019 Florian Schmaus
* Copyright 2020-2020 Florian Schmaus
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -34,7 +34,10 @@ public class StaxXmlPullParserFactory implements XmlPullParserFactory {
// getText().
xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, true);
// Internal and external entity references are prohibited in XMPP (RFC 6120 § 11.1).
xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
xmlInputFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, false);
// We don't need to support DTDs in XMPP.
xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
}
@Override