#28 Disable downloading external resources with DocumentHelper.parseT…

…ext() helper. (cherry picked from commit 8f6a7f6)
dom4j · Apr 11, 2020 · c8d112e · c8d112e
1 parent efbaf6c
commit c8d112e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 5 deletions.
diff --git a/build.gradle b/build.gradle
@@ -19,17 +19,16 @@ repositories {
 
 dependencies {
 
-    compileOnly(
+    implementation(
             'jaxen:jaxen:1.1.6',
             'javax.xml.stream:stax-api:1.0-2',
             'net.java.dev.msv:xsdlib:2013.6.1',
-            'xpp3:xpp3:1.1.4c',
-            'pull-parser:pull-parser:2',
             'javax.xml.bind:jaxb-api:2.2.12',
+            'pull-parser:pull-parser:2',
+            'xpp3:xpp3:1.1.4c',
     )
 
-
-    testCompile(
+    testImplementation(
             'org.testng:testng:6.8.21',
 
             'xerces:xercesImpl:2.11.0',
@@ -89,6 +88,12 @@ publishing {
                     developerConnection = 'scm:git:git@github.com:dom4j/dom4j.git'
                     url = 'git@github.com:dom4j/dom4j.git'
                 }
+
+                withXml {
+                    asNode().dependencies.dependency.findAll { xmlDep ->
+                        xmlDep.appendNode('optional').value = 'true'
+                    }
+                }
             }
         }
     }

diff --git a/src/main/java/org/dom4j/DocumentHelper.java b/src/main/java/org/dom4j/DocumentHelper.java
@@ -18,6 +18,7 @@
 import org.jaxen.VariableContext;
 
 import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
 
 /**
  * <code>DocumentHelper</code> is a collection of helper methods for using
@@ -256,6 +257,8 @@ public static void sort(List<Node> list, String expression, boolean distinct) {
      * <code>parseText</code> parses the given text as an XML document and
      * returns the newly created Document.
      * </p>
+     *
+     * Loading external DTD and entities is disabled (if it is possible) for security reasons.
      * 
      * @param text
      *            the XML text to be parsed