MCPcopy Create free account
hub / github.com/SAML-Toolkits/java-saml / loadXML

Method loadXML

core/src/main/java/com/onelogin/saml2/util/Util.java:170–183  ·  view source on GitHub ↗

This function load an XML string in a save way. Prevent XEE/XXE Attacks @param xml String. The XML string to be loaded. @return The result of load the XML at the Document or null if any error occurs

(String xml)

Source from the content-addressed store, hash-verified

168 * @return The result of load the XML at the Document or null if any error occurs
169 */
170 public static Document loadXML(String xml) {
171 try {
172 if (xml.contains("<!ENTITY")) {
173 throw new XMLEntityException("Detected use of ENTITY in XML, disabled to prevent XXE/XEE attacks");
174 }
175 return convertStringToDocument(xml);
176 } catch (XMLEntityException e) {
177 LOGGER.debug("Load XML error due XMLEntityException.", e);
178 } catch (Exception e) {
179 LOGGER.debug("Load XML error: " + e.getMessage(), e);
180 }
181
182 return null;
183 }
184
185 private static XPathFactory getXPathFactory() {
186 try {

Calls 1