1.1 --- a/src/share/jaxws_classes/com/sun/xml/internal/rngom/xml/sax/JAXPXMLReaderCreator.java Thu Sep 26 10:43:28 2013 -0700 1.2 +++ b/src/share/jaxws_classes/com/sun/xml/internal/rngom/xml/sax/JAXPXMLReaderCreator.java Fri Oct 04 16:21:34 2013 +0100 1.3 @@ -23,7 +23,7 @@ 1.4 * questions. 1.5 */ 1.6 /* 1.7 - * Copyright (C) 2004-2011 1.8 + * Copyright (C) 2004-2012 1.9 * 1.10 * Permission is hereby granted, free of charge, to any person obtaining a copy 1.11 * of this software and associated documentation files (the "Software"), to deal 1.12 @@ -45,10 +45,15 @@ 1.13 */ 1.14 package com.sun.xml.internal.rngom.xml.sax; 1.15 1.16 +import java.util.logging.Level; 1.17 +import java.util.logging.Logger; 1.18 +import javax.xml.XMLConstants; 1.19 import javax.xml.parsers.ParserConfigurationException; 1.20 import javax.xml.parsers.SAXParserFactory; 1.21 1.22 import org.xml.sax.SAXException; 1.23 +import org.xml.sax.SAXNotRecognizedException; 1.24 +import org.xml.sax.SAXNotSupportedException; 1.25 import org.xml.sax.XMLReader; 1.26 1.27 /** 1.28 @@ -72,7 +77,16 @@ 1.29 */ 1.30 public JAXPXMLReaderCreator() { 1.31 spf = SAXParserFactory.newInstance(); 1.32 - spf.setNamespaceAware(true); 1.33 + try { 1.34 + spf.setNamespaceAware(true); 1.35 + spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); 1.36 + } catch (ParserConfigurationException ex) { 1.37 + Logger.getLogger(JAXPXMLReaderCreator.class.getName()).log(Level.SEVERE, null, ex); 1.38 + } catch (SAXNotRecognizedException ex) { 1.39 + Logger.getLogger(JAXPXMLReaderCreator.class.getName()).log(Level.SEVERE, null, ex); 1.40 + } catch (SAXNotSupportedException ex) { 1.41 + Logger.getLogger(JAXPXMLReaderCreator.class.getName()).log(Level.SEVERE, null, ex); 1.42 + } 1.43 } 1.44 1.45 /**