JENA-2331: isolate setting of XMLInputFactory properties

talshani · Jun 1, 2022 · bbfc3b1 · bbfc3b1
1 parent 14c97d7
commit bbfc3b1
Showing 1 changed file with 19 additions and 10 deletions.
diff --git a/jena-core/src/main/java/org/apache/jena/util/JenaXMLInput.java b/jena-core/src/main/java/org/apache/jena/util/JenaXMLInput.java
@@ -72,17 +72,26 @@ public static XMLReader createXMLReader() throws ParserConfigurationException, S
      * Initialize an XMLInputFactory to jena settings.
      */
     public static void initXMLInputFactory(XMLInputFactory xf) {
+        // This disables DTDs entirely for the factory.
+        // All DTDs are silently ignored; takes precedence over ACCESS_EXTERNAL_DTD
+    	setXMLInputFactoryProperty(xf, XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
+
+        // disable external entities (silently ignore)
+        setXMLInputFactoryProperty(xf, XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
+
+        // Disable external DTDs (files and HTTP) - errors unless SUPPORT_DTD is false.
+        setXMLInputFactoryProperty(xf, XMLConstants.ACCESS_EXTERNAL_DTD, "");
+    }
+
+    /**
+     * Catch any {@link IllegalArgumentException}, log it, and continue.
+     */
+    private static void setXMLInputFactoryProperty(XMLInputFactory xf, String name, Object value) {
         try {
-            // This disables DTDs entirely for the factory.
-            // All DTDs are silently ignored; takes precedence over ACCESS_EXTERNAL_DTD
-            xf.setProperty(XMLInputFactory.SUPPORT_DTD, false);
-
-            // Disable external DTDs (files and HTTP) - errors unless SUPPORT_DTD is false.
-            xf.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-            // disable external entities (silently ignore)
-            xf.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
-        } catch(IllegalArgumentException ex){
-            Log.error(JenaXMLInput.class, "Problem setting StAX property", ex);
+            xf.setProperty(name, value);
+        } catch(IllegalArgumentException ex) {
+            Log.error(JenaXMLInput.class, "Problem setting StAX property - name: \"" +
+            		name + "\" - value: \"" + value + "\" - error: " + ex.getMessage());
         }
     }