public class XMLReaderUtils extends Object implements Serializable
OfflineContentHandler
to guard against
XML External Entity attacks.Modifier and Type | Field and Description |
---|---|
static int |
DEFAULT_MAX_ENTITY_EXPANSIONS |
static int |
DEFAULT_POOL_SIZE
Default size for the pool of SAX Parsers
and the pool of DOM builders
|
Constructor and Description |
---|
XMLReaderUtils() |
Modifier and Type | Method and Description |
---|---|
static Document |
buildDOM(InputStream is)
Builds a Document with a DocumentBuilder from the pool
|
static Document |
buildDOM(InputStream is,
ParseContext context)
This checks context for a user specified
DocumentBuilder . |
static Document |
buildDOM(Path path)
Builds a Document with a DocumentBuilder from the pool
|
static Document |
buildDOM(String uriString)
Builds a Document with a DocumentBuilder from the pool
|
static DocumentBuilder |
getDocumentBuilder()
Returns the DOM builder specified in this parsing context.
|
static DocumentBuilderFactory |
getDocumentBuilderFactory()
Returns the DOM builder factory specified in this parsing context.
|
static int |
getMaxEntityExpansions() |
static int |
getPoolSize() |
static SAXParser |
getSAXParser()
Returns the SAX parser specified in this parsing context.
|
static SAXParserFactory |
getSAXParserFactory()
Returns the SAX parser factory specified in this parsing context.
|
static Transformer |
getTransformer()
Returns a new transformer
|
static XMLInputFactory |
getXMLInputFactory()
Returns the StAX input factory specified in this parsing context.
|
static XMLReader |
getXMLReader()
Returns the XMLReader specified in this parsing context.
|
static void |
parseSAX(InputStream is,
DefaultHandler contentHandler,
ParseContext context)
This checks context for a user specified
SAXParser . |
static void |
setMaxEntityExpansions(int maxEntityExpansions)
Set the maximum number of entity expansions allowable in SAX/DOM/StAX parsing.
|
static void |
setPoolSize(int poolSize)
Set the pool size for cached XML parsers.
|
public static final int DEFAULT_POOL_SIZE
public static final int DEFAULT_MAX_ENTITY_EXPANSIONS
public static void setMaxEntityExpansions(int maxEntityExpansions)
JAXP_ENTITY_EXPANSION_LIMIT_KEY
and the DEFAULT_MAX_ENTITY_EXPANSIONS
value for allowable entity expansions
NOTE: To trigger a rebuild of the pool of parsers with this setting,
the client must call setPoolSize(int)
to rebuild the SAX and DOM parsers
with this setting.
maxEntityExpansions
- -- maximum number of allowable entity expansionspublic static XMLReader getXMLReader() throws TikaException
TikaException
getSAXParser()
public static SAXParser getSAXParser() throws TikaException
Make sure to wrap your handler in the OfflineContentHandler
to
prevent XML External Entity attacks
If you call reset() on the parser, make sure to replace the SecurityManager which will be cleared by xerces2 on reset().
TikaException
- if a SAX parser could not be createdgetSAXParserFactory()
public static SAXParserFactory getSAXParserFactory()
secure XML processing
.
Make sure to wrap your handler in the OfflineContentHandler
to
prevent XML External Entity attacks
public static DocumentBuilderFactory getDocumentBuilderFactory()
public static DocumentBuilder getDocumentBuilder() throws TikaException
IGNORING_SAX_ENTITY_RESOLVER
,
and it sets the ErrorHandler to null
.TikaException
public static XMLInputFactory getXMLInputFactory()
IGNORING_STAX_ENTITY_RESOLVER
.public static Transformer getTransformer() throws TikaException
The transformer instance is configured to to use
secure XML processing
.
TikaException
- when the transformer can not be createdpublic static Document buildDOM(InputStream is, ParseContext context) throws TikaException, IOException, SAXException
DocumentBuilder
.
If one is not found, this reuses a DocumentBuilder from the pool.is
- InputStream to parsecontext
- context to useTikaException
IOException
SAXException
public static Document buildDOM(Path path) throws TikaException, IOException, SAXException
path
- path to parseTikaException
IOException
SAXException
public static Document buildDOM(String uriString) throws TikaException, IOException, SAXException
uriString
- uriString to processTikaException
IOException
SAXException
public static Document buildDOM(InputStream is) throws TikaException, IOException, SAXException
TikaException
IOException
SAXException
public static void parseSAX(InputStream is, DefaultHandler contentHandler, ParseContext context) throws TikaException, IOException, SAXException
SAXParser
.
If one is not found, this reuses a SAXParser from the pool.is
- InputStream to parsecontentHandler
- handler to usecontext
- context to useTikaException
IOException
SAXException
public static void setPoolSize(int poolSize) throws TikaException
MAX_ENTITY_EXPANSIONS
poolSize
- TikaException
public static int getPoolSize()
public static int getMaxEntityExpansions()
Copyright © 2007–2018 The Apache Software Foundation. All rights reserved.