This function load an XML string in a save way. Prevent XEE/XXE Attacks @param xml String. The XML string to be loaded. @return The result of load the XML at the Document or null if any error occurs
(String xml)
| 168 | * @return The result of load the XML at the Document or null if any error occurs |
| 169 | */ |
| 170 | public static Document loadXML(String xml) { |
| 171 | try { |
| 172 | if (xml.contains("<!ENTITY")) { |
| 173 | throw new XMLEntityException("Detected use of ENTITY in XML, disabled to prevent XXE/XEE attacks"); |
| 174 | } |
| 175 | return convertStringToDocument(xml); |
| 176 | } catch (XMLEntityException e) { |
| 177 | LOGGER.debug("Load XML error due XMLEntityException.", e); |
| 178 | } catch (Exception e) { |
| 179 | LOGGER.debug("Load XML error: " + e.getMessage(), e); |
| 180 | } |
| 181 | |
| 182 | return null; |
| 183 | } |
| 184 | |
| 185 | private static XPathFactory getXPathFactory() { |
| 186 | try { |