Sonar Fixes - try to fix XXE warnings

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1875860 13f79535-47bb-0310-9956-ffa450edef68
author: Andreas Beeker <kiwiwings@apache.org> 2020-03-29 14:55:31 +0000
committer: Andreas Beeker <kiwiwings@apache.org> 2020-03-29 14:55:31 +0000
commit: 3cb1a38d8e79429574e331985a32c5b98dbf62ab (patch)
tree: c18e2f91ecec3f7580e56c80f564084fb9549307
parent: c01273ad02478412e8b92db797830f2a9f70f05b (diff)
download: poi-3cb1a38d8e79429574e331985a32c5b98dbf62ab.tar.gz
poi-3cb1a38d8e79429574e331985a32c5b98dbf62ab.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/java/org/apache/poi/util/XMLHelper.java b/src/java/org/apache/poi/util/XMLHelper.java
index c1af6b2ab0..beca533611 100644
--- a/src/java/org/apache/poi/util/XMLHelper.java
+++ b/src/java/org/apache/poi/util/XMLHelper.java
@@ -219,6 +219,7 @@ public final class XMLHelper {
         trySet(factory::setFeature, FEATURE_SECURE_PROCESSING, true);
         trySet(factory::setAttribute, ACCESS_EXTERNAL_DTD, "");
         trySet(factory::setAttribute, ACCESS_EXTERNAL_STYLESHEET, "");
+        trySet(factory::setAttribute, ACCESS_EXTERNAL_SCHEMA, "");
         return factory;
     }
 
@@ -235,6 +236,7 @@ public final class XMLHelper {
         SchemaFactory factory = SchemaFactory.newInstance(W3C_XML_SCHEMA_NS_URI);
         trySet(factory::setFeature, FEATURE_SECURE_PROCESSING, true);
         trySet(factory::setProperty, ACCESS_EXTERNAL_DTD, "");
+        trySet(factory::setProperty, ACCESS_EXTERNAL_STYLESHEET, "");
         trySet(factory::setProperty, ACCESS_EXTERNAL_SCHEMA, "");
         return factory;
     }
author	Andreas Beeker <kiwiwings@apache.org>	2020-03-29 14:55:31 +0000
committer	Andreas Beeker <kiwiwings@apache.org>	2020-03-29 14:55:31 +0000
commit	3cb1a38d8e79429574e331985a32c5b98dbf62ab (patch)
tree	c18e2f91ecec3f7580e56c80f564084fb9549307
parent	c01273ad02478412e8b92db797830f2a9f70f05b (diff)
download	poi-3cb1a38d8e79429574e331985a32c5b98dbf62ab.tar.gz poi-3cb1a38d8e79429574e331985a32c5b98dbf62ab.zip