/** * Returns the SAX parser factory specified in this parsing context. * If a factory is not explicitly specified, then a default factory * instance is created and returned. The default factory instance is * configured to be namespace-aware, not validating, and to use * {@link XMLConstants#FEATURE_SECURE_PROCESSING secure XML processing}. * <p> * Make sure to wrap your handler in the {@link OfflineContentHandler} to * prevent XML External Entity attacks * </p> * * @return SAX parser factory * @since Apache Tika 0.8 */ public static SAXParserFactory getSAXParserFactory() { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setNamespaceAware(true); factory.setValidating(false); trySetSAXFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true); trySetSAXFeature(factory, "http://xml.org/sax/features/external-general-entities", false); trySetSAXFeature(factory, "http://xml.org/sax/features/external-parameter-entities", false); trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false); trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); return factory; }
/** * Returns the DOM builder factory specified in this parsing context. * If a factory is not explicitly specified, then a default factory * instance is created and returned. The default factory instance is * configured to be namespace-aware and to apply reasonable security * features. * * @return DOM parser factory * @since Apache Tika 1.13 */ public static DocumentBuilderFactory getDocumentBuilderFactory() { //borrowed from Apache POI DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setExpandEntityReferences(false); factory.setNamespaceAware(true); factory.setValidating(false); trySetSAXFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true); trySetSAXFeature(factory, "http://xml.org/sax/features/external-general-entities", false); trySetSAXFeature(factory, "http://xml.org/sax/features/external-parameter-entities", false); trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false); trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); trySetXercesSecurityManager(factory); return factory; }
/** * Returns the SAX parser factory specified in this parsing context. * If a factory is not explicitly specified, then a default factory * instance is created and returned. The default factory instance is * configured to be namespace-aware, not validating, and to use * {@link XMLConstants#FEATURE_SECURE_PROCESSING secure XML processing}. * <p> * Make sure to wrap your handler in the {@link OfflineContentHandler} to * prevent XML External Entity attacks * </p> * * @return SAX parser factory * @since Apache Tika 0.8 */ public static SAXParserFactory getSAXParserFactory() { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setNamespaceAware(true); factory.setValidating(false); trySetSAXFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true); trySetSAXFeature(factory, "http://xml.org/sax/features/external-general-entities", false); trySetSAXFeature(factory, "http://xml.org/sax/features/external-parameter-entities", false); trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false); trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); return factory; }
/** * Returns the DOM builder factory specified in this parsing context. * If a factory is not explicitly specified, then a default factory * instance is created and returned. The default factory instance is * configured to be namespace-aware and to apply reasonable security * features. * * @return DOM parser factory * @since Apache Tika 1.13 */ public static DocumentBuilderFactory getDocumentBuilderFactory() { //borrowed from Apache POI DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setExpandEntityReferences(false); factory.setNamespaceAware(true); factory.setValidating(false); trySetSAXFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true); trySetSAXFeature(factory, "http://xml.org/sax/features/external-general-entities", false); trySetSAXFeature(factory, "http://xml.org/sax/features/external-parameter-entities", false); trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false); trySetSAXFeature(factory, "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false); trySetXercesSecurityManager(factory); return factory; }