change xml options (#875)

This commit is contained in:
PJ Fanning 2025-08-06 18:29:04 +01:00 committed by GitHub
parent 9d37011683
commit 86e80a9164
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -43,6 +43,9 @@ public class POIXMLTypeLoader {
DEFAULT_XML_OPTIONS.setCharacterEncoding("UTF-8");
DEFAULT_XML_OPTIONS.setDisallowDocTypeDeclaration(true);
DEFAULT_XML_OPTIONS.setEntityExpansionLimit(1);
DEFAULT_XML_OPTIONS.setLoadStripProcinsts(true);
DEFAULT_XML_OPTIONS.setLoadStripComments(true);
// JAXP is used for parsing
// so only user code using XmlObject/XmlToken.Factory.parse
// directly can bypass the entity check, which is probably unlikely (... and not within our responsibility :))