Package com.itextpdf.kernel.utils
Class XmlProcessorCreator
- java.lang.Object
-
- com.itextpdf.kernel.utils.XmlProcessorCreator
-
public final class XmlProcessorCreator extends java.lang.Object
Utility class for creating XML processors.
-
-
Field Summary
Fields Modifier and Type Field Description private static IXmlParserFactory
xmlParserFactory
-
Constructor Summary
Constructors Modifier Constructor Description private
XmlProcessorCreator()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static javax.xml.parsers.DocumentBuilder
createSafeDocumentBuilder(boolean namespaceAware, boolean ignoringComments)
CreatesDocumentBuilder
instance.static javax.xml.transform.Transformer
createSafeTransformer()
CreatesTransformer
instance.static org.xml.sax.XMLReader
createSafeXMLReader(boolean namespaceAware, boolean validating)
CreatesXMLReader
instance.static void
setXmlParserFactory(IXmlParserFactory factory)
Specifies anIXmlParserFactory
implementation that will be used to create the xml parsers in theXmlProcessorCreator
.
-
-
-
Field Detail
-
xmlParserFactory
private static IXmlParserFactory xmlParserFactory
-
-
Method Detail
-
setXmlParserFactory
public static void setXmlParserFactory(IXmlParserFactory factory)
Specifies anIXmlParserFactory
implementation that will be used to create the xml parsers in theXmlProcessorCreator
. PassDefaultSafeXmlParserFactory
to use default safe factory that should prevent XML attacks like XML bombs and XXE attacks. This will definitely throw an exception if the XXE object is present in the XML. Also it is configured to throw an exception even in case of any DTD in XML file, but this option depends on the parser implementation on your system, it may not work if your parser implementation does not support the corresponding functionality. In this case declare your ownIXmlParserFactory
implementation and pass it to this method.- Parameters:
factory
- factory to be used to create xml parsers. If the passed factory isnull
, theDefaultSafeXmlParserFactory
will be used.
-
createSafeDocumentBuilder
public static javax.xml.parsers.DocumentBuilder createSafeDocumentBuilder(boolean namespaceAware, boolean ignoringComments)
CreatesDocumentBuilder
instance. The default implementation is configured to prevent possible XML attacks (seeDefaultSafeXmlParserFactory
). But you can usesetXmlParserFactory(com.itextpdf.kernel.utils.IXmlParserFactory)
to set your specific factory for creating xml parsers.- Parameters:
namespaceAware
- specifies whether the parser should be namespace awareignoringComments
- specifies whether the parser should ignore comments- Returns:
- safe
DocumentBuilder
instance
-
createSafeXMLReader
public static org.xml.sax.XMLReader createSafeXMLReader(boolean namespaceAware, boolean validating)
CreatesXMLReader
instance. The default implementation is configured to prevent possible XML attacks (seeDefaultSafeXmlParserFactory
). But you can usesetXmlParserFactory(com.itextpdf.kernel.utils.IXmlParserFactory)
to set your specific factory for creating xml parsers.- Parameters:
namespaceAware
- specifies whether the parser should be namespace awarevalidating
- specifies whether the parser should validate documents as they are parsed- Returns:
- safe
XMLReader
instance
-
createSafeTransformer
public static javax.xml.transform.Transformer createSafeTransformer()
CreatesTransformer
instance. The default implementation is configured to prevent possible XML attacks (seeDefaultSafeXmlParserFactory
). But you can usesetXmlParserFactory(com.itextpdf.kernel.utils.IXmlParserFactory)
to set your specific factory for creating xml parsers.- Returns:
- safe
Transformer
instance
-
-