package org.opendaylight.yangtools.util.xml;
import com.google.common.annotations.Beta;
+import java.io.InputStream;
+import java.io.Reader;
+import java.nio.charset.Charset;
import javax.annotation.Nonnull;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
import org.xml.sax.SAXException;
/**
try {
f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
f.setFeature("http://xml.org/sax/features/external-general-entities", false);
f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
} catch (final ParserConfigurationException e) {
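Review bot: The added `load-external-dtd` line has no comment saying why it is needed next to `disallow-doctype-decl`, which already rejects any DOCTYPE; the same applies to the identical line added to the SAXParserFactory block below. If it is meant as defence in depth, say so, e.g. `// Defence in depth: never fetch an external DTD, even if DOCTYPE rejection is not honoured`. Both feature URIs are Apache Xerces names and the new call sits in the same try as the existing ones, so a parser that does not recognise it will now take the catch path. The catch body is outside this hunk, so confirm that outcome is the intended one.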
try {
f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
f.setFeature("http://xml.org/sax/features/external-general-entities", false);
f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
} catch (final Exception e) {
SPF = f;
}
+ private static final XMLInputFactory XIF;
+ static {
+ final XMLInputFactory f = XMLInputFactory.newInstance();
+
+ f.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
+ f.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.TRUE);
+ f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
+ f.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
+
+ XIF = f;
+ }
+
+
/**
* Create a new {@link DocumentBuilder} for dealing with untrusted XML data. This method is equivalent to
* {@link DocumentBuilderFactory#newDocumentBuilder()}, except it does not throw a checked exception.
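Review bot: The XIF initializer leaves its four `setProperty` calls unguarded, while the two factory initializers above wrap their `setFeature` calls in try/catch. `XMLInputFactory.setProperty` throws IllegalArgumentException when the provider rejects a property, and `XMLInputFactory.newInstance()` returns whichever StAX provider is found at runtime, so a rejected hardening property would surface only as a bare ExceptionInInitializerError for the whole class. I would catch IllegalArgumentException around the four calls and rethrow with a message naming the provider (`f.getClass().getName()`), keeping the fail-closed behaviour. A short comment on XIF should also record that one factory instance is shared by all callers, which assumes the provider's `createXMLStreamReader` is safe to call concurrently; that is not visible here and is worth confirming.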
throw new UnsupportedOperationException("Failed to instantiate a SAXParser", e);
}
}
+
+ /**
+ * Create a new {@link XMLStreamReader} for dealing with untrusted XML data. This method is equivalent to
+ * {@link XMLInputFactory#createXMLStreamReader(InputStream)}.
+ *
+ * @return A new XMLStreamReader
+ * @throws XMLStreamException when the underlying factory throws it
+ */
+ public static @Nonnull XMLStreamReader createXMLStreamReader(final InputStream stream) throws XMLStreamException {
+ return XIF.createXMLStreamReader(stream);
+ }
+
+ /**
+ * Create a new {@link XMLStreamReader} for dealing with untrusted XML data. This method is equivalent to
+ * {@link XMLInputFactory#createXMLStreamReader(InputStream, String)}, except it takes an explict charset argument.
+ *
+ * @return A new XMLStreamReader
+ * @throws XMLStreamException when the underlying factory throws it
+ */
+ public static @Nonnull XMLStreamReader createXMLStreamReader(final InputStream stream, final Charset charset)
+ throws XMLStreamException {
+ return XIF.createXMLStreamReader(stream, charset.name());
+ }
+
+ /**
+ * Create a new {@link XMLStreamReader} for dealing with untrusted XML data. This method is equivalent to
+ * {@link XMLInputFactory#createXMLStreamReader(Reader)}.
+ *
+ * @return A new XMLStreamReader
+ * @throws XMLStreamException when the underlying factory throws it
+ */
+ public static @Nonnull XMLStreamReader createXMLStreamReader(final Reader reader) throws XMLStreamException {
+ return XIF.createXMLStreamReader(reader);
+ }
}
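Review bot: The three new Javadoc blocks say only that the reader is "for dealing with untrusted XML data" and never state what that means, so a caller cannot tell which protections to rely on. They should spell out what XIF configures (DTD support and external entities disabled, coalescing and namespace awareness enabled) and carry `@param` tags. It is also worth a sentence that `XMLStreamReader.close()` does not close the underlying stream or reader, so the caller still owns that resource. In the `Charset` overload a null argument fails inside `charset.name()`; `Objects.requireNonNull(charset, "charset")` would make the contract explicit, at the cost of a `java.util.Objects` import. "explict" in the second block should read "explicit".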