From 1707bf3d898a8ada3b213acb0e3b38f16eaae73d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Jirs=C3=A1k?= <filip@jirsak.org>
Date: Sat, 11 Apr 2020 19:27:36 +0200
Subject: [PATCH] #28 Disable downloading external resources with
 DocumentHelper.parseText() helper.

(cherry picked from commit 8f6a7f6001d679176c1079ac65871d4e493360db)
---
 src/main/java/org/dom4j/DocumentHelper.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/main/java/org/dom4j/DocumentHelper.java b/src/main/java/org/dom4j/DocumentHelper.java
index a3a69dca..6ceed9a3 100644
--- a/src/main/java/org/dom4j/DocumentHelper.java
+++ b/src/main/java/org/dom4j/DocumentHelper.java
@@ -270,6 +270,14 @@ public static void sort(List<Node> list, String expression, boolean distinct) {
      */
     public static Document parseText(String text) throws DocumentException {
         SAXReader reader = new SAXReader();
+        try {
+            reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+            reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+        } catch (SAXException e) {
+            //Parse with external resources downloading allowed.
+        }
+
         String encoding = getEncoding(text);
 
         InputSource source = new InputSource(new StringReader(text));