From 2361ec46b5fbf940bafe8247e421e64f9cb7f7b1 Mon Sep 17 00:00:00 2001 From: PJ Fanning Date: Fri, 1 Jul 2016 22:57:06 +0100 Subject: [PATCH] setExpandEntityReferences(false) --- upstream link: https://github.com/FasterXML/jackson-1/commit/2361ec46b5fbf940bafe8247e421e64f9cb7f7b1 .../java/org/codehaus/jackson/map/ext/DOMDeserializer.java | 1 + .../org/codehaus/jackson/xc/DomElementJsonDeserializer.java | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java b/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java index 3a486b9e..97f76af9 100644 --- a/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java +++ b/src/mapper/java/org/codehaus/jackson/map/ext/DOMDeserializer.java @@ -24,6 +24,7 @@ public abstract class DOMDeserializer extends FromStringDeserializer _parserFactory = DocumentBuilderFactory.newInstance(); // yup, only cave men do XML without recognizing namespaces... _parserFactory.setNamespaceAware(true); + _parserFactory.setExpandEntityReferences(false); try { _parserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); } catch(ParserConfigurationException pce) { diff --git a/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java b/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java index ccd631aa..8b1de578 100644 --- a/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java +++ b/src/xc/java/org/codehaus/jackson/xc/DomElementJsonDeserializer.java @@ -30,10 +30,11 @@ public class DomElementJsonDeserializer try { DocumentBuilderFactory bf = DocumentBuilderFactory.newInstance(); bf.setNamespaceAware(true); + bf.setExpandEntityReferences(false); bf.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true); builder = bf.newDocumentBuilder(); } catch (ParserConfigurationException e) { - throw new RuntimeException(); + throw new RuntimeException("Problem creating DocumentBuilder: " + e.toString()); } } -- 2.20.1