java.lang.Object
- org.apache.solr.util.SafeXMLParsing

```
public final class SafeXMLParsing
extends Object
```
Some utility methods for parsing XML in a safe way. This class can be used to parse XML coming from network (completely untrusted) or it can load a config file from a ResourceLoader. In this case it allows external entities and xincludes, but only referring to files reachable by the loader.

Field Summary

Fields
Modifier and Type Field Description

static String SYSTEMID_UNTRUSTED

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static Document`	`parseConfigXML(org.slf4j.Logger log, org.apache.lucene.util.ResourceLoader loader, String file)`	Parses a config file from a Solr config based on ResourceLoader.
`static Document`	`parseConfigXML(org.slf4j.Logger log, org.apache.lucene.util.ResourceLoader loader, InputSource is)`	Parses a config file from a Solr config based on InputSource.
`static Document`	`parseUntrustedXML(org.slf4j.Logger log, InputStream in)`	Parses non-Solr configs as XML based on the given InputStream, disabling any external entities with secure processing enabled.
`static Document`	`parseUntrustedXML(org.slf4j.Logger log, Reader reader)`	Parses the given InputStream as XML, disabling any external entities with secure processing enabled.
`static Document`	`parseUntrustedXML(org.slf4j.Logger log, String xml)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- SYSTEMID_UNTRUSTED
```
public static final String SYSTEMID_UNTRUSTED
```
  See Also:
  
  Constant Field Values

Method Detail

parseConfigXML

public static Document parseConfigXML(org.slf4j.Logger log,
                                      org.apache.lucene.util.ResourceLoader loader,
                                      String file)
                               throws SAXException,
                                      IOException

Parses a config file from a Solr config based on ResourceLoader. Xinclude and external entities are enabled, but cannot escape the resource loader.

Throws:: SAXException; IOException

parseConfigXML

public static Document parseConfigXML(org.slf4j.Logger log,
                                      org.apache.lucene.util.ResourceLoader loader,
                                      InputSource is)
                               throws SAXException,
                                      IOException

Parses a config file from a Solr config based on InputSource. Xinclude and external entities are enabled, but cannot escape the resource loader.

Throws:: SAXException; IOException

parseUntrustedXML

public static Document parseUntrustedXML(org.slf4j.Logger log,
                                         InputStream in)
                                  throws SAXException,
                                         IOException

Parses non-Solr configs as XML based on the given InputStream, disabling any external entities with secure processing enabled. The given InputStream is not closed.

Throws:: SAXException; IOException

parseUntrustedXML

public static Document parseUntrustedXML(org.slf4j.Logger log,
                                         Reader reader)
                                  throws SAXException,
                                         IOException

Parses the given InputStream as XML, disabling any external entities with secure processing enabled. The given Reader is not closed.

Throws:: SAXException; IOException

parseUntrustedXML

public static Document parseUntrustedXML(org.slf4j.Logger log,
                                         String xml)
                                  throws SAXException,
                                         IOException

Throws:: SAXException; IOException

Class SafeXMLParsing

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

SYSTEMID_UNTRUSTED

Method Detail

parseConfigXML

parseConfigXML

parseUntrustedXML

parseUntrustedXML

parseUntrustedXML