Produced by Araxis Merge on 6/9/2017 3:49:59 PM Eastern Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | Fri Jun 9 19:49:59 2017 UTC | ||
| 2 | eHealth_Exch (eHealth Exchange Enhancements) Build 3 docs & code_May_2017.zip\VAP_CIF_CODE0502.zip\VAP_CIF_CODE0502\VAP_CIF_CODE0502\nvap-common\src\main\java\gov\va\nvap\common\util | DocumentBuilderFactoryUtil.java | Wed Jun 7 05:18:56 2017 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 0 | 0 |
| Changed | 0 | 0 |
| Inserted | 1 | 105 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | /* | |||||
| 2 | * To chan ge this li cense head er, choose License H eaders in Project Pr operties. | |||||
| 3 | * To chan ge this te mplate fil e, choose Tools | Te mplates | |||||
| 4 | * and ope n the temp late in th e editor. | |||||
| 5 | */ | |||||
| 6 | package go v.va.nvap. common.uti l; | |||||
| 7 | ||||||
| 8 | import jav ax.xml.par sers.Docum entBuilder Factory; | |||||
| 9 | ||||||
| 10 | /** | |||||
| 11 | * | |||||
| 12 | * @author DNS | |||||
| 13 | */ | |||||
| 14 | public cla ss Documen tBuilderFa ctoryUtil | |||||
| 15 | { | |||||
| 16 | public static Do cumentBuil derFactory getDocume ntBuilderF actory( | |||||
| 17 | String f actoryClas sName, | |||||
| 18 | boolean namespaceA ware, | |||||
| 19 | boolean validating , | |||||
| 20 | boolean expandEnti tyReferenc es) | |||||
| 21 | { | |||||
| 22 | Do cumentBuil derFactory dbf; | |||||
| 23 | ||||||
| 24 | if (factoryC lassName ! = null) { | |||||
| 25 | System.s etProperty ("javax.xm l.parsers. DocumentBu ilderFacto ry", | |||||
| 26 | factoryCla ssName); | |||||
| 27 | } | |||||
| 28 | ||||||
| 29 | // Step 1: c reate a Do cumentBuil derFactory and confi gure it | |||||
| 30 | db f = Docume ntBuilderF actory.new Instance() ; | |||||
| 31 | ||||||
| 32 | // Optional: set vario us configu ration opt ions | |||||
| 33 | db f.setNames paceAware( namespaceA ware); | |||||
| 34 | db f.setValid ating(vali dating); | |||||
| 35 | ||||||
| 36 | // Add vario us options explicitl y to preve nt XXE att acks. add try/catch around eve ry | |||||
| 37 | // setAttrib ute just i n case a s pecific pa rser does not suppor t it. | |||||
| 38 | db f.setExpan dEntityRef erences(ex pandEntity References ); | |||||
| 39 | tr y { | |||||
| 40 | dbf.setA ttribute(" http://xml .org/sax/f eatures/ex ternal-gen eral-entit ies", | |||||
| 41 | Boolean.FA LSE); | |||||
| 42 | } | |||||
| 43 | ca tch (Throw able t) { | |||||
| 44 | } | |||||
| 45 | tr y { | |||||
| 46 | dbf.setA ttribute(" http://xml .org/sax/f eatures/ex ternal-par ameter-ent ities", | |||||
| 47 | Boolean.FA LSE); | |||||
| 48 | } | |||||
| 49 | ca tch (Throw able t) { | |||||
| 50 | } | |||||
| 51 | tr y { | |||||
| 52 | dbf.setA ttribute(" http://apa che.org/xm l/features /disallow- doctype-de cl", | |||||
| 53 | Boolean.TR UE); | |||||
| 54 | } | |||||
| 55 | ca tch (Throw able t) { | |||||
| 56 | } | |||||
| 57 | tr y { | |||||
| 58 | dbf.setA ttribute(" http://jav ax.xml.XML Constants/ feature/se cure-proce ssing", | |||||
| 59 | Boolean.TR UE); | |||||
| 60 | } | |||||
| 61 | ca tch (Throw able t) { | |||||
| 62 | } | |||||
| 63 | tr y { | |||||
| 64 | dbf.setA ttribute(" http://apa che.org/xm l/features /nonvalida ting/load- external-d td", | |||||
| 65 | Boolean.FA LSE); | |||||
| 66 | } | |||||
| 67 | ca tch (Throw able t) { | |||||
| 68 | } | |||||
| 69 | ||||||
| 70 | tr y { | |||||
| 71 | // Some parsers do n't throw an excepti on here, b ut throw o ne when th e | |||||
| 72 | // facto ry creates an instan ce instead , so try t o only do this for | |||||
| 73 | // Xerce s. | |||||
| 74 | if (dbf. getClass() .getName() .equals("o rg.apache. xerces.jax p.Document BuilderFac tory")) { | |||||
| 75 | // s peed up pr ocessing b y turning off deferr ed node ex pansion | |||||
| 76 | dbf. setAttribu te("http:/ /apache.or g/xml/feat ures/dom/d efer-node- expansion" , | |||||
| 77 | Boolea n.FALSE); | |||||
| 78 | } | |||||
| 79 | } | |||||
| 80 | ca tch (Illeg alArgument Exception e) { | |||||
| 81 | // parse rs that do not suppo rt this op tion *shou ld* throw this excep tion | |||||
| 82 | } | |||||
| 83 | ||||||
| 84 | tr y { | |||||
| 85 | // Some parsers do n't throw an excepti on here, b ut throw o ne when th e | |||||
| 86 | // facto ry creates an instan ce instead , so try t o only do this for | |||||
| 87 | // Xerce s. | |||||
| 88 | if (dbf. getClass() .getName() .equals("o rg.apache. xerces.jax p.Document BuilderFac tory")) { | |||||
| 89 | // f uture: pro tect again st DOS att acks throu gh DOCTYPE processin g | |||||
| 90 | dbf. setAttribu te("http:/ /apache.or g/xml/feat ures/disal low-doctyp e-decl", | |||||
| 91 | Boolea n.TRUE); | |||||
| 92 | } | |||||
| 93 | } | |||||
| 94 | ca tch (Illeg alArgument Exception e) { | |||||
| 95 | // parse rs that do not suppo rt this op tion *shou ld* throw this excep tion | |||||
| 96 | } | |||||
| 97 | ||||||
| 98 | /* | |||||
| 99 | At t his point the Docume ntBuilderF actory ins tance can be saved | |||||
| 100 | and reused to create any number of DocumentB uilder ins tances | |||||
| 101 | with the same configurat ion option s. | |||||
| 102 | * / | |||||
| 103 | re turn dbf; | |||||
| 104 | } | |||||
| 105 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.