From a7d32f0bf0d077c9e2dfc5e167e58d1f2e7f797f Mon Sep 17 00:00:00 2001
From: zch <zhangchenghui.dev@gmail.com>
Date: Tue, 3 Jul 2018 22:34:51 +0800
Subject: [PATCH] =?UTF-8?q?=E7=A6=81=E7=94=A8XML=E5=A4=96=E9=83=A8?=
 =?UTF-8?q?=E5=AE=9E=E4=BD=93=E6=B3=A8=E5=85=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/main/java/me/hao0/common/xml/XmlReaders.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/me/hao0/common/xml/XmlReaders.java b/src/main/java/me/hao0/common/xml/XmlReaders.java
index b877ce8..c499cd1 100644
--- a/src/main/java/me/hao0/common/xml/XmlReaders.java
+++ b/src/main/java/me/hao0/common/xml/XmlReaders.java
@@ -24,7 +24,10 @@ public class XmlReaders {
 
     static {
         try {
-            builder =  DocumentBuilderFactory.newInstance().newDocumentBuilder();
+            DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+            // 禁用XML 外部实体注入
+            documentBuilderFactory.setExpandEntityReferences(false);
+            builder =  documentBuilderFactory.newDocumentBuilder();
         } catch (ParserConfigurationException e) {
             throw new XmlException("init xml failed");
         }