@@ -54,7 +54,7 @@ public static XMLFactorySAX newInstanceSecure(boolean validating) throws XMLExce
5454 return newInstanceSecure (validating , false );
5555 }
5656
57- public static SAXParserFactory disableExternalEntity (SAXParserFactory saxFac ) throws XMLException {
57+ private static SAXParserFactory disableExternalEntity (SAXParserFactory saxFac ) throws XMLException {
5858 return XMLException .get ( () -> {
5959 saxFac .setFeature ("http://apache.org/xml/features/disallow-doctype-decl" , true );
6060 saxFac .setFeature ("http://xml.org/sax/features/external-general-entities" , false );
@@ -73,11 +73,21 @@ private static SAXParserFactory init( boolean validating, boolean namespaceAware
7373 }
7474
7575 public static XMLFactorySAX newInstanceSecure (boolean validating , boolean namespaceAware ) throws XMLException {
76- return new XMLFactorySAX ( disableExternalEntity ( init ( validating , namespaceAware ) ) );
76+ return newInstance ( validating , namespaceAware , Boolean . TRUE );
7777 }
7878
79- public static XMLFactorySAX newInstance (boolean validating , boolean namespaceAware ) {
80- return new XMLFactorySAX ( init ( validating , namespaceAware ) );
79+ public static XMLFactorySAX newInstance (boolean validating , boolean namespaceAware ) throws XMLException {
80+ return newInstance ( validating , namespaceAware , Boolean .FALSE );
81+ }
82+
83+ public static XMLFactorySAX newInstance (boolean validating , boolean namespaceAware , boolean secure ) throws XMLException {
84+ return XMLException .get ( () -> {
85+ SAXParserFactory factory = init ( validating , namespaceAware );
86+ if ( secure ) {
87+ factory = disableExternalEntity ( factory );
88+ }
89+ return new XMLFactorySAX ( factory );
90+ } );
8191 }
8292
8393 public void setValidating (boolean val ) {
0 commit comments