|
@@ -29,6 +29,8 @@ import javax.xml.transform.stream.*;
|
|
|
import org.apache.hadoop.classification.InterfaceAudience;
|
|
|
import org.apache.hadoop.classification.InterfaceStability;
|
|
|
|
|
|
+import org.slf4j.Logger;
|
|
|
+import org.slf4j.LoggerFactory;
|
|
|
import org.xml.sax.SAXException;
|
|
|
|
|
|
import java.io.*;
|
|
@@ -41,6 +43,9 @@ import java.io.*;
|
|
|
@InterfaceStability.Unstable
|
|
|
public class XMLUtils {
|
|
|
|
|
|
+ private static final Logger LOG =
|
|
|
+ LoggerFactory.getLogger(XMLUtils.class);
|
|
|
+
|
|
|
public static final String DISALLOW_DOCTYPE_DECL =
|
|
|
"http://apache.org/xml/features/disallow-doctype-decl";
|
|
|
public static final String LOAD_EXTERNAL_DECL =
|
|
@@ -138,8 +143,8 @@ public class XMLUtils {
|
|
|
throws TransformerConfigurationException {
|
|
|
TransformerFactory trfactory = TransformerFactory.newInstance();
|
|
|
trfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
|
|
- trfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
|
|
- trfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
|
|
+ bestEffortSetAttribute(trfactory, XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
|
|
+ bestEffortSetAttribute(trfactory, XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
|
|
return trfactory;
|
|
|
}
|
|
|
|
|
@@ -156,8 +161,29 @@ public class XMLUtils {
|
|
|
throws TransformerConfigurationException {
|
|
|
SAXTransformerFactory trfactory = (SAXTransformerFactory) SAXTransformerFactory.newInstance();
|
|
|
trfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
|
|
- trfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
|
|
- trfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
|
|
+ bestEffortSetAttribute(trfactory, XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
|
|
+ bestEffortSetAttribute(trfactory, XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
|
|
return trfactory;
|
|
|
}
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Set an attribute value on a {@link TransformerFactory}. If the TransformerFactory
|
|
|
+ * does not support the attribute, the method just returns <code>false</code> and
|
|
|
+ * logs the issue at debug level.
|
|
|
+ *
|
|
|
+ * @param transformerFactory to update
|
|
|
+ * @param name of the attribute to set
|
|
|
+ * @param value to set on the attribute
|
|
|
+ * @return whether the attribute was successfully set
|
|
|
+ */
|
|
|
+ static boolean bestEffortSetAttribute(TransformerFactory transformerFactory,
|
|
|
+ String name, Object value) {
|
|
|
+ try {
|
|
|
+ transformerFactory.setAttribute(name, value);
|
|
|
+ return true;
|
|
|
+ } catch (Throwable t) {
|
|
|
+ LOG.debug("Issue setting TransformerFactory attribute {}: {}", name, t.toString());
|
|
|
+ }
|
|
|
+ return false;
|
|
|
+ }
|
|
|
}
|