SAXBuilder.java

/*
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package com.rometools.rome.io;

import org.jdom2.JDOMException;
import org.jdom2.input.sax.XMLReaderJDOMFactory;
import org.jdom2.input.sax.XMLReaders;
import org.xml.sax.XMLReader;

/*
 *  This code is needed to fix the security problem outlined in http://www.securityfocus.com/archive/1/297714
 *
 * Unfortunately there isn't an easy way to check if an XML parser supports a particular feature, so
 * we need to set it and catch the exception if it fails. We also need to subclass the JDom SAXBuilder
 * class in order to get access to the underlying SAX parser - otherwise the features don't get set until
 * we are already building the document, by which time it's too late to fix the problem.
 *
 * Crimson is one parser which is known not to support these features.
 *
 */
public class SAXBuilder extends org.jdom2.input.SAXBuilder {

    public SAXBuilder(final XMLReaderJDOMFactory factory) {
        super(factory);
    }

    /**
     *
     * @deprecated use SAXBuilder(XMLReaderJDOMFactory) with either XMLReaders.DTDVALIDATING or
     *             XMLReaders.NONVALIDATING
     */
    @Deprecated
    public SAXBuilder(final boolean validate) {
        super(validate ? XMLReaders.DTDVALIDATING : XMLReaders.NONVALIDATING);
    }

    @Override
    public XMLReader createParser() throws JDOMException {
        return super.createParser();
    }

}