lsm/weixin-java-tools
1
0
Fork 0
mirror of https://gitee.com/binary/weixin-java-tools.git synced 2026-02-15 21:06:30 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

#903 disable DOCTYPE to fix XXE Vulnerability

Browse Source
This commit is contained in:
Binary Wang
2019-01-10 18:28:55 +08:00
parent d6923f2537
commit 8ec61d1328
4 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
weixin-java-pay/src/main/java/com/github/binarywang/wxpay/bean/result/BaseWxPayResult.java
View File

@@ -189,6 +189,7 @@ public abstract class BaseWxPayResult implements Serializable {
try {
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setExpandEntityReferences(false);
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
this.xmlDoc = factory.newDocumentBuilder()
.parse(new ByteArrayInputStream(this.xmlString.getBytes(StandardCharsets.UTF_8)));
return xmlDoc;