Code example for DocumentBuilderFactory

Methods: newDocumentBuilder, setAttribute, setValidating

0
          } 
        }; 
 
  static { 
    // Disable various insecure and/or expensive options. 
    builderFactory.setValidating(false); 
 
    // Can't disable doctypes entirely because they're usually harmless. External entity 
    // resolution, however, is both expensive and insecure. 
    try { 
      builderFactory.setAttribute( 
          "http://xml.org/sax/features/external-general-entities", false); 
    } catch (IllegalArgumentException e) {
      // Not supported by some very old parsers. 
      LOG.info("XML parsers will load external general entities.");
    } 
 
    try { 
      builderFactory.setAttribute(
          "http://xml.org/sax/features/external-parameter-entities", false); 
    } catch (IllegalArgumentException e) { 
      // Not supported by some very old parsers. 
      LOG.info("XML parsers will load external parameter entities.");
    } 
 
    try { 
      builderFactory.setAttribute(
          "http://apache.org/xml/features/nonvalidating/load-external-dtd", false); 
    } catch (IllegalArgumentException e) { 
      // Only supported by Apache's XML parsers. 
      LOG.info("XML parsers will load external DTDs.");
    } 
 
    try { 
      builderFactory.setAttribute(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    } catch (IllegalArgumentException e) { 
      // Not supported by older parsers. 
      LOG.info("Not using secure XML processing.");
    } 
 
    try { 
      DocumentBuilder builder = builderFactory.newDocumentBuilder();
      builder.reset();
      canReuseBuilders = true;
      LOG.info("Reusing document builders");
    } catch (UnsupportedOperationException e) { 
      // Only supported by newer parsers (xerces 2.8.x+ for instance).