Class XmlProcessorCreator


  • public final class XmlProcessorCreator
    extends java.lang.Object
    Utility class for creating XML processors.
    • Constructor Detail

      • XmlProcessorCreator

        private XmlProcessorCreator()
    • Method Detail

      • setXmlParserFactory

        public static void setXmlParserFactory​(IXmlParserFactory factory)
        Specifies an IXmlParserFactory implementation that will be used to create the xml parsers in the XmlProcessorCreator. Pass DefaultSafeXmlParserFactory to use default safe factory that should prevent XML attacks like XML bombs and XXE attacks. This will definitely throw an exception if the XXE object is present in the XML. Also it is configured to throw an exception even in case of any DTD in XML file, but this option depends on the parser implementation on your system, it may not work if your parser implementation does not support the corresponding functionality. In this case declare your own IXmlParserFactory implementation and pass it to this method.
        Parameters:
        factory - factory to be used to create xml parsers. If the passed factory is null, the DefaultSafeXmlParserFactory will be used.
      • createSafeDocumentBuilder

        public static javax.xml.parsers.DocumentBuilder createSafeDocumentBuilder​(boolean namespaceAware,
                                                                                  boolean ignoringComments)
        Creates DocumentBuilder instance. The default implementation is configured to prevent possible XML attacks (see DefaultSafeXmlParserFactory). But you can use setXmlParserFactory(com.itextpdf.kernel.utils.IXmlParserFactory) to set your specific factory for creating xml parsers.
        Parameters:
        namespaceAware - specifies whether the parser should be namespace aware
        ignoringComments - specifies whether the parser should ignore comments
        Returns:
        safe DocumentBuilder instance
      • createSafeXMLReader

        public static org.xml.sax.XMLReader createSafeXMLReader​(boolean namespaceAware,
                                                                boolean validating)
        Creates XMLReader instance. The default implementation is configured to prevent possible XML attacks (see DefaultSafeXmlParserFactory). But you can use setXmlParserFactory(com.itextpdf.kernel.utils.IXmlParserFactory) to set your specific factory for creating xml parsers.
        Parameters:
        namespaceAware - specifies whether the parser should be namespace aware
        validating - specifies whether the parser should validate documents as they are parsed
        Returns:
        safe XMLReader instance