diff options
author | Jon Bratseth <bratseth@verizonmedia.com> | 2020-01-06 21:06:26 +0100 |
---|---|---|
committer | Jon Bratseth <bratseth@verizonmedia.com> | 2020-01-06 21:06:26 +0100 |
commit | 1f6753d9d0f35a4a6612987fe8c6ea42ff166495 (patch) | |
tree | 0cfd3557a7400b7178b5dd6aa884d3407237d552 /config-application-package/src/main/java/com/yahoo/config/application/Xml.java | |
parent | cc711b5a8fbc1a7a5897f8ee1761103fcb89e644 (diff) |
Non-functional changes
Diffstat (limited to 'config-application-package/src/main/java/com/yahoo/config/application/Xml.java')
-rw-r--r-- | config-application-package/src/main/java/com/yahoo/config/application/Xml.java | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/config-application-package/src/main/java/com/yahoo/config/application/Xml.java b/config-application-package/src/main/java/com/yahoo/config/application/Xml.java index e28c5eac0bb..1cdb54a743c 100644 --- a/config-application-package/src/main/java/com/yahoo/config/application/Xml.java +++ b/config-application-package/src/main/java/com/yahoo/config/application/Xml.java @@ -68,6 +68,7 @@ public class Xml { static DocumentBuilder getPreprocessDocumentBuilder() throws ParserConfigurationException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setFeature("http://xml.org/sax/features/external-general-entities", false); // XXE prevention factory.setNamespaceAware(true); factory.setXIncludeAware(false); factory.setValidating(false); |