Author: darran.lofthouse(a)jboss.com Date: 2010-09-02 10:45:16 -0400 (Thu, 02 Sep 2010) New Revision: 12887 Modified: common/branches/jbossws-common-1.1.0.SP2_CP01_JBPAPP-4647/src/main/java/org/jboss/wsf/common/DOMUtils.java Log: [JBPAPP-4647] Disable external-general-entities and external-parameter-entities. Modified: common/branches/jbossws-common-1.1.0.SP2_CP01_JBPAPP-4647/src/main/java/org/jboss/wsf/common/DOMUtils.java =================================================================== --- common/branches/jbossws-common-1.1.0.SP2_CP01_JBPAPP-4647/src/main/java/org/jboss/wsf/common/DOMUtils.java 2010-09-02 12:59:13 UTC (rev 12886) +++ common/branches/jbossws-common-1.1.0.SP2_CP01_JBPAPP-4647/src/main/java/org/jboss/wsf/common/DOMUtils.java 2010-09-02 14:45:16 UTC (rev 12887) @@ -92,6 +92,8 @@ { factory.setFeature(DEFER_NODE_EXPANSION_FEATURE, false); } + factory.setFeature("http://xml.org/sax/features/external-general-ent...;, false); + factory.setFeature("http://xml.org/sax/features/external-parameter-e...;, false); } catch (ParserConfigurationException pce) {