XmlFeatures (hutool 6.0.0-M20 API)

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.dromara.hutool.core.xml.XmlFeatures

```
public class XmlFeatures
extends Object
```
XXE安全相关参数
见：https://blog.spoock.com/2018/10/23/java-xxe/

Since:

6.0.0

Author:

looly

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`DISALLOW_DOCTYPE_DECL` 禁用xml中的inline DOCTYPE 声明，即禁用DTD 不允许将外部实体包含在传入的 XML 文档中，从而防止XML实体注入（XML External Entities 攻击，利用能够在处理时动态构建文档的 XML 功能，注入外部实体）
`static String`	`EXTERNAL_GENERAL_ENTITIES` 不包括外部一般实体
`static String`	`EXTERNAL_PARAMETER_ENTITIES` 不包含外部参数实体或外部DTD子集。
`static String`	`LOAD_EXTERNAL_DTD` 忽略外部DTD

Constructor Summary

Constructors
Constructor and Description

XmlFeatures()

Method Summary
- Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - DISALLOW_DOCTYPE_DECL
```
public static final String DISALLOW_DOCTYPE_DECL
```
    禁用xml中的inline DOCTYPE 声明，即禁用DTD
    不允许将外部实体包含在传入的 XML 文档中，从而防止XML实体注入（XML External Entities 攻击，利用能够在处理时动态构建文档的 XML 功能，注入外部实体）
    
    See Also:
    
    Constant Field Values
  - LOAD_EXTERNAL_DTD
```
public static final String LOAD_EXTERNAL_DTD
```
    忽略外部DTD
    
    See Also:
    
    Constant Field Values
  - EXTERNAL_GENERAL_ENTITIES
```
public static final String EXTERNAL_GENERAL_ENTITIES
```
    不包括外部一般实体
    
    See Also:
    
    Constant Field Values
  - EXTERNAL_PARAMETER_ENTITIES
```
public static final String EXTERNAL_PARAMETER_ENTITIES
```
    不包含外部参数实体或外部DTD子集。
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - XmlFeatures
```
public XmlFeatures()
```

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2025. All rights reserved.