Relates to https://github.com/monitorjbl/excel-streaming-reader/pull/121
The current excel-streaming-reader code for DOM parsing is not namespace aware and the XPath expressions are therefore not applying namespaces either.
I would suggest that both should be made namespace aware and that excel-streaming-reader could then use the POI DocumentHelper to create DOM parsers that have configuration to protect against XML entity expansion attacks.
Relates to https://github.com/monitorjbl/excel-streaming-reader/pull/121 The current excel-streaming-reader code for DOM parsing is not namespace aware and the XPath expressions are therefore not applying namespaces either. I would suggest that both should be made namespace aware and that excel-streaming-reader could then use the POI DocumentHelper to create DOM parsers that have configuration to protect against XML entity expansion attacks.