import java.io.InputStream;
import java.io.Reader;
import java.nio.charset.Charset;
+import java.util.function.Supplier;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.eclipse.jdt.annotation.NonNull;
+import org.opendaylight.yangtools.util.ClassLoaderUtils;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;
private static final @NonNull DocumentBuilderFactory DBF;
static {
- final DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+ final DocumentBuilderFactory f = getLimited(DocumentBuilderFactory::newInstance);
f.setCoalescing(true);
f.setExpandEntityReferences(false);
f.setIgnoringElementContentWhitespace(true);
private static final SAXParserFactory SPF;
static {
- final SAXParserFactory f = SAXParserFactory.newInstance();
+ final SAXParserFactory f = getLimited(SAXParserFactory::newInstance);
f.setNamespaceAware(true);
f.setXIncludeAware(false);
try {
private static final XMLInputFactory XIF;
static {
- final XMLInputFactory f = XMLInputFactory.newInstance();
-
+ final XMLInputFactory f = getLimited(XMLInputFactory::newInstance);
f.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
f.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.TRUE);
f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
public static @NonNull XMLStreamReader createXMLStreamReader(final Reader reader) throws XMLStreamException {
return XIF.createXMLStreamReader(reader);
}
+
+ private static <T> T getLimited(final @NonNull Supplier<T> supplier) {
+ final ClassLoader loader = UntrustedXML.class.getClassLoader();
+ return loader == null ? supplier.get() : ClassLoaderUtils.getWithClassLoader(loader, supplier);
+ }
}