XMLInputFactoryUtil (wildfly-common 1.7.0.Final API)

java.lang.Object

org.wildfly.common.xml.XMLInputFactoryUtil

public final class XMLInputFactoryUtil extends Object

Factory provides XMLInputFactory with secure defaults set. Properties not supported generate a warning, but the factory process creation will continue and return a result. Settings based on recommendations of Sonarcloud RSPEC-2755 and OWASP XML External Entity Prevention Cheatsheet.

XMLInputFactory.SUPPORT_DTD is set to false.
XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES is set to false.

Since:: 1.6.0.Final
Author:: Boris Unckel

Method Summary

Modifier and Type

Method

Description

static XMLInputFactory

create()

Factory generated with secure defaults.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details
- create
  
  @NotNull public static XMLInputFactory create()
  
  Factory generated with secure defaults.
  
  Returns:
  
  an instance of the XMLInputFactory.