2 * No-operation Entity Resolver for XML.
4 * License : The MIT License
5 * Copyright(c) 2019 olyutorskii
8 package jp.sfjp.mikutoga.xml;
10 import java.io.Reader;
11 import java.io.StringReader;
12 import org.xml.sax.EntityResolver;
13 import org.xml.sax.InputSource;
16 * No-operation Entity Resolver implementation for preventing XXE.
18 * @see <a href="https://en.wikipedia.org/wiki/XML_external_entity_attack">
19 * XML external entity attack (Wikipedia)
22 public final class NoopEntityResolver implements EntityResolver{
24 /** Singleton resolver. */
25 public static final EntityResolver NOOP_RESOLVER =
26 new NoopEntityResolver();
32 private NoopEntityResolver(){
41 * <p>Prevent any external entity reference XXE.
43 * @param publicId {@inheritDoc}
44 * @param systemId {@inheritDoc}
45 * @return empty input source
48 public InputSource resolveEntity(String publicId, String systemId){
49 Reader emptyReader = new StringReader("");
50 InputSource source = new InputSource(emptyReader);
52 source.setPublicId(publicId);
53 source.setSystemId(systemId);