Class EmptyEntityResolver

  • public final class EmptyEntityResolver
    extends Object
    This class provides several singletons of entity resolvers used by SAX and StAX in the Java API. This is needed to make secure XML parsers, that don't resolve external entities from untrusted sources.

    This class also provides static methods to configure SAX and StAX parsers to be safe.

    Parsers will get an empty, closed stream for every external entity, so they will not fail while parsing (unless the external entity is needed for processing!).

    • Method Detail

      • configureXMLInputFactory

        public static void configureXMLInputFactory​(XMLInputFactory inputFactory)
        Configures the given XMLInputFactory to not parse external entities. No further configuration on is needed, all required entity resolvers are configured.