From c8d112e458799721d0c78959bc591b90e2f8d199 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Jirs=C3=A1k?= Date: Sun, 1 Jul 2018 12:45:33 +0200 Subject: [PATCH] #28 Disable downloading external resources with DocumentHelper.parseText() helper. (cherry picked from commit 8f6a7f6001d679176c1079ac65871d4e493360db) --- build.gradle | 15 ++++++++++----- src/main/java/org/dom4j/DocumentHelper.java | 3 +++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/build.gradle b/build.gradle index 64fc7d33..ec946023 100644 --- a/build.gradle +++ b/build.gradle @@ -19,17 +19,16 @@ repositories { dependencies { - compileOnly( + implementation( 'jaxen:jaxen:1.1.6', 'javax.xml.stream:stax-api:1.0-2', 'net.java.dev.msv:xsdlib:2013.6.1', - 'xpp3:xpp3:1.1.4c', - 'pull-parser:pull-parser:2', 'javax.xml.bind:jaxb-api:2.2.12', + 'pull-parser:pull-parser:2', + 'xpp3:xpp3:1.1.4c', ) - - testCompile( + testImplementation( 'org.testng:testng:6.8.21', 'xerces:xercesImpl:2.11.0', @@ -89,6 +88,12 @@ publishing { developerConnection = 'scm:git:git@github.com:dom4j/dom4j.git' url = 'git@github.com:dom4j/dom4j.git' } + + withXml { + asNode().dependencies.dependency.findAll { xmlDep -> + xmlDep.appendNode('optional').value = 'true' + } + } } } } diff --git a/src/main/java/org/dom4j/DocumentHelper.java b/src/main/java/org/dom4j/DocumentHelper.java index 26569e2d..a3a69dca 100644 --- a/src/main/java/org/dom4j/DocumentHelper.java +++ b/src/main/java/org/dom4j/DocumentHelper.java @@ -18,6 +18,7 @@ import org.jaxen.VariableContext; import org.xml.sax.InputSource; +import org.xml.sax.SAXException; /** * DocumentHelper is a collection of helper methods for using @@ -256,6 +257,8 @@ public static void sort(List list, String expression, boolean distinct) { * parseText parses the given text as an XML document and * returns the newly created Document. *

+ * + * Loading external DTD and entities is disabled (if it is possible) for security reasons. * * @param text * the XML text to be parsed
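Review bot: The added Javadoc sentence says external DTD and entity loading is disabled "(if it is possible)", which leaves a caller unable to tell whether parseText is safe for untrusted XML with the parser they run on. As shown, the patch adds only this comment and the `SAXException` import to DocumentHelper.java (3 added lines per the diffstat), and the body of parseText lies outside the hunk, so the hardening itself cannot be checked from here. The new import suggests a catch around the feature-setting calls; if that catch silently continues with the parser's defaults, the method fails open. I would spell the fallback out in the Javadoc, e.g. `* If the underlying parser does not support these features, external resources may still be loaded.`, or preferably have parseText raise `DocumentException` when the features cannot be set, so the failure is visible to the caller.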