* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
*/
package org.onap.clamp.clds.transform;
-import javax.xml.transform.*;
-import javax.xml.transform.stream.StreamResult;
-import javax.xml.transform.stream.StreamSource;
import java.io.StringReader;
import java.io.StringWriter;
+import javax.xml.XMLConstants;
+import javax.xml.transform.Templates;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.stream.StreamSource;
+
+import org.onap.clamp.clds.util.ResourceFileUtil;
+
/**
* XSL Transformer.
*/
public void setXslResourceName(String xslResourceName) throws TransformerConfigurationException {
TransformerFactory tfactory = TransformerFactory.newInstance();
- templates = tfactory.newTemplates(new StreamSource(TransformUtil.getResourceAsStream(xslResourceName)));
+ tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ tfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ templates = tfactory.newTemplates(new StreamSource(ResourceFileUtil.getResourceAsStream(xslResourceName)));
}
/**
* @throws TransformerException
*/
public String doXslTransformToString(String xml) throws TransformerException {
- StringWriter output = new StringWriter(4000);
+ StringWriter output = new StringWriter(4096);
Transformer transformer = templates.newTransformer();
- transformer.transform(new StreamSource(new StringReader(xml)),
- new StreamResult(output));
+ transformer.transform(new StreamSource(new StringReader(xml)), new StreamResult(output));
return output.toString();
}
Code Review / clamp.git / blobdiff