Preventing Java XML Parsers from resolving external DTDs
Posted by Kelvin on 07 Apr 2011 at 06:47 pm | Tagged as: programming
With some SAX parsers you can disable loading of external DTDs with this:
xmlReader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd" , false);
Not all do, however. Piccolo, for one, does not.
However, you can accomplish the same thing with this:
SAXReader reader = new SAXReader(); reader.setEntityResolver(new EntityResolver(){ public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException { return new InputSource(new StringReader("")); } });