Package org.apache.solr.util
Class SafeXMLParsing
- java.lang.Object
-
- org.apache.solr.util.SafeXMLParsing
-
public final class SafeXMLParsing extends Object
Some utility methods for parsing XML in a safe way. This class can be used to parse XML coming from network (completely untrusted) or it can load a config file from aResourceLoader
. In this case it allows external entities and xincludes, but only referring to files reachable by the loader.
-
-
Field Summary
Fields Modifier and Type Field Description static String
SYSTEMID_UNTRUSTED
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static Document
parseConfigXML(org.slf4j.Logger log, org.apache.lucene.util.ResourceLoader loader, String file)
Parses a config file from ResourceLoader.static Document
parseUntrustedXML(org.slf4j.Logger log, InputStream in)
Parses the given InputStream as XML, disabling any external entities with secure processing enabled.static Document
parseUntrustedXML(org.slf4j.Logger log, Reader reader)
Parses the given InputStream as XML, disabling any external entities with secure processing enabled.static Document
parseUntrustedXML(org.slf4j.Logger log, String xml)
-
-
-
Field Detail
-
SYSTEMID_UNTRUSTED
public static final String SYSTEMID_UNTRUSTED
- See Also:
- Constant Field Values
-
-
Method Detail
-
parseConfigXML
public static Document parseConfigXML(org.slf4j.Logger log, org.apache.lucene.util.ResourceLoader loader, String file) throws SAXException, IOException
Parses a config file from ResourceLoader. Xinclude and external entities are enabled, but cannot escape the resource loader.- Throws:
SAXException
IOException
-
parseUntrustedXML
public static Document parseUntrustedXML(org.slf4j.Logger log, InputStream in) throws SAXException, IOException
Parses the given InputStream as XML, disabling any external entities with secure processing enabled. The given InputStream is not closed.- Throws:
SAXException
IOException
-
parseUntrustedXML
public static Document parseUntrustedXML(org.slf4j.Logger log, Reader reader) throws SAXException, IOException
Parses the given InputStream as XML, disabling any external entities with secure processing enabled. The given Reader is not closed.- Throws:
SAXException
IOException
-
parseUntrustedXML
public static Document parseUntrustedXML(org.slf4j.Logger log, String xml) throws SAXException, IOException
- Throws:
SAXException
IOException
-
-