From 1707bf3d898a8ada3b213acb0e3b38f16eaae73d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Jirs=C3=A1k?= <filip@jirsak.org>
Date: Sat, 11 Apr 2020 19:27:36 +0200
Subject: [PATCH] #28 Disable downloading external resources with
 DocumentHelper.parseText() helper.

(cherry picked from commit 8f6a7f6001d679176c1079ac65871d4e493360db)
Author: Utkarsh Gupta <utkarsh@debian.org>

--- a/src/main/java/org/dom4j/DocumentHelper.java
+++ b/src/main/java/org/dom4j/DocumentHelper.java
@@ -18,6 +18,7 @@
 import org.jaxen.VariableContext;
 
 import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
 
 /**
  * <code>DocumentHelper</code> is a collection of helper methods for using
@@ -270,6 +271,14 @@
      */
     public static Document parseText(String text) throws DocumentException {
         SAXReader reader = new SAXReader();
+        try {
+            reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+            reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+        } catch (SAXException e) {
+            //Parse with external resources downloading allowed.
+        }
+
         String encoding = getEncoding(text);
 
         InputSource source = new InputSource(new StringReader(text));