Code Review / clamp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
More secure XSLT
[clamp.git] / src / main / java / org / onap / clamp / clds / transform / XslTransformer.java
diff --git a/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java b/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
index 684bae3..59cc56a 100644 (file)
--- a/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
+++ b/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
@@ -26,6 +26,7 @@ package org.onap.clamp.clds.transform;
 import java.io.StringReader;
 import java.io.StringWriter;
 
+import javax.xml.XMLConstants;
 import javax.xml.transform.Templates;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerConfigurationException;
@@ -45,6 +46,7 @@ public class XslTransformer {
 
     public void setXslResourceName(String xslResourceName) throws TransformerConfigurationException {
         TransformerFactory tfactory = TransformerFactory.newInstance();
+        tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
         templates = tfactory.newTemplates(new StreamSource(ResourceFileUtil.getResourceAsStream(xslResourceName)));
     }
 
CLAMP is a platform for designing and managing control loops. Archived.