Bug #2051

Set the features and properties of the XMLParser

Added by O'Neil Delpratt over 7 years ago. Updated almost 7 years ago.

Start date:
Due date:
% Done:


Estimated time:
Legacy ID:
Applies to branch:
Fix Committed on Branch:
Fixed in Maintenance Release:


We hope to add ability to set the XMLParser specific features and properties from Saxon via the Saxon feature keys.

This bug/support feature stemmed from a user who requires the disabling of external entities resolving to avoid the XXE vulnerability (See: and specifically in Saxon-C.

This seems to be something which is required in web application, and in a web application the Java API (e.g. the s9api or JAXP API) is appropriate rather than the command line. When you use the API, you can instantiate an XMLReader yourself, set its configuration options, and then supply this to Saxon as the transformation source (e.g. in a SAXSource object).

There is no direct way to set the parser options in Saxon-C.


#1 Updated by O'Neil Delpratt over 7 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Added the the ability to set specific XML parser features and properties. We use the Saxon feature key mechanism. See the example below to set them:


#2 Updated by Michael Kay over 7 years ago

  • Status changed from Resolved to In Progress
  • % Done changed from 100 to 80

Resetting the status to "In Progress" as the patch is still being tested and has not yet been applied to 9.6.

#3 Updated by Michael Kay about 7 years ago

  • Status changed from In Progress to Resolved
  • Fixed in version set to 9.6

I've reviewed this and it is indeed implemented in 9.6, and there are unit tests. I've changed the implementation so that parser properties of any type can be set, not only strings as before.

#4 Updated by O'Neil Delpratt almost 7 years ago

  • Status changed from Resolved to Closed

This bug fix what out in the Saxon release

Please register to edit this issue

Also available in: Atom PDF