Skip to content

Y
YeeAmosFireAutoSysRoot
Commit cb0c7142 authored by 张森's avatar 张森
Browse files
Options

XML External Entity Injection(XML外部实体注入) 问题修复

parent 55fc95dd
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 0 deletions
YeeAmosFireAutoSysService/src/main/java/com/yeejoin/amos/fas/core/util/WordConverterUtils.java
View file @ cb0c7142
......@@ -110,6 +110,7 @@ public class WordConverterUtils {
StreamResult streamResult = new StreamResult(targetFile);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
serializer.setOutputProperty(OutputKeys.INDENT, "yes");
......@@ -159,6 +160,7 @@ public class WordConverterUtils {
StreamResult streamResult = new StreamResult(stringWriter);
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
Transformer serializer = tf.newTransformer();
serializer.setOutputProperty(OutputKeys.ENCODING, "utf-8");
serializer.setOutputProperty(OutputKeys.INDENT, "yes");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment