Class XmlFactories


  • public class XmlFactories
    extends Object
    Provides XML factories that are pre-configured for secure XML processing. The factories are configured to mitigate the risk of XML External Entity (XXE) attacks, notably to reject external DTD or Schema resolution.
    Since:
    3.0.0
    • Method Detail

      • newDocumentBuilderFactory

        public static DocumentBuilderFactory newDocumentBuilderFactory()
        Returns a document builder factory configured to mitigate the risk of XML External Entity (XXE) attacks.

        Clients are recommended to directly use newDocumentBuilder() when no additional configuration is to perform on the factory.

        Returns:
        a new document builder factory
        See Also:
        newDocumentBuilder()
      • newDocumentBuilder

        public static DocumentBuilder newDocumentBuilder()
                                                  throws ParserConfigurationException
        Returns a document builder configured to mitigate the risk of XML External Entity (XXE) attacks.
        Returns:
        a new document builder
        Throws:
        ParserConfigurationException - if a DocumentBuilder cannot be created which satisfies the configuration requested.
      • newSAXParserFactory

        public static SAXParserFactory newSAXParserFactory()
        Returns a SAXParseFactory configured to mitigate the risk of XML External Entity (XXE) attacks.
        Returns:
        a new SAXParseFactory.
      • newTransformerFactory

        public static TransformerFactory newTransformerFactory()
        Returns a transformer factory configured to mitigate the risk of XML External Entity (XXE) attacks.
        Returns:
        a new transformer factory.