Open foobnix opened 8 months ago
mwilliamson
commented
8 months ago It appears that the implementation of the SAX parser doesn't support disabling DTDs, which prevents XML entity attacks. If possible, I'd suggest switching to a SAX parser that supports the feature.
foobnix
commented
8 months ago I am using implementation 'javax.xml.stream:stax-api:1.0-2' and it's works fine with the old version of your library I have try implementation 'xerces:xercesImpl:2.12.2' - it's not helped. Could you please suggest a sax parser that supports this feature? or Can you configure the library not to crash if the parser does not support this feature?
mwilliamson
commented
8 months ago Could you please suggest a sax parser that supports this feature?
Xerces should support the feature: https://xerces.apache.org/xerces2-j/features.html
Can you configure the library not to crash if the parser does not support this feature?
The feature avoids a security vulnerability, so I would be reluctant to ignore errors from enabling the feature.
Please help to fix for Android, there is an exception
Caused by: org.xml.sax.SAXNotRecognizedException: http://apache.org/xml/features/disallow-doctype-decl at org.apache.harmony.xml.parsers.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:93)
java.lang.RuntimeException: org.xml.sax.SAXNotRecognizedException: http://apache.org/xml/features/disallow-doctype-decl at org.zwobble.mammoth.internal.xml.parsing.SimpleSax.parseInputSource(SimpleSax.java:67) at org.zwobble.mammoth.internal.xml.parsing.SimpleSax.parseStream(SimpleSax.java:24) at org.zwobble.mammoth.internal.xml.parsing.XmlParser.parseStream(XmlParser.java:24) at org.zwobble.mammoth.internal.docx.OfficeXml.parseXml(OfficeXml.java:38)