Skip to content

Commit

Permalink
Merge pull request #5952 from effective-webwork/3-6-dtd-security-issue
Browse files Browse the repository at this point in the history 
[3.6] Fix DTD security issue
  • Loading branch information
@solth
solth authored Feb 26, 2024
2 parents 265c712 + 6889e23 commit 225fddc
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions Kitodo-Query-URL-Import/src/main/java/org/kitodo/queryurlimport/QueryURLImport.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -430,6 +430,7 @@ private Document stringToDocument(String xmlContent) throws ParserConfigurationE
SAXException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
return documentBuilder.parse(new InputSource(new StringReader(xmlContent)));
}
Expand Down

0 comments on commit 225fddc

Please sign in to comment.