Set external-parameter-entities via ProfessionalTransformerFactory.setAttribute to avoid XXE vulnerability
Applies to branch:
Fix Committed on Branch:
Fixed in Maintenance Release:
The external entities are being resolved even after setting parser features (via the below java code) to not to resolve external entities. In the below example, the /tmp/abc is resolved to the actual entities. Is there a sample java code for disabling the external entities to avoid the XXE vulnerability. We are using Saxon-220.127.116.11 PE version.
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
Please register to edit this issue