in src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java [132:221]
public void startElement(String uri, String localName, String qName, Attributes atts) throws SAXException {
if (xIncludeNS.equals(uri) && xIncludeLN.equals(localName)) {
String href = atts.getValue("href");
if (href == null) {
throw new SAXException("XInclude href attribute is missing");
}
String parse = atts.getValue("parse");
if (parse != null && !"xml".equals(parse)) {
throw new UnsupportedOperationException("Only parse=\"xml\" is currently supported");
}
String xpointer = atts.getValue("xpointer");
URL url = ClassLoaderUtils.getResource(href, XIncludeHandler.class);
if (url == null) {
throw new SAXException("XML file not found: " + href);
}
Document document = null;
try {
document = uriDocMap.get(url.toURI());
} catch (URISyntaxException ex) {
throw new SAXException(ex);
}
if (document == null) {
DOMResult domResult = new DOMResult();
try {
XMLReader xmlReader = XMLReaderFactory.createXMLReader();
SAXTransformerFactory saxTransformerFactory = (SAXTransformerFactory) TransformerFactory.newInstance();
saxTransformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
try {
saxTransformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
saxTransformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
} catch (IllegalArgumentException ex) {
// ignore
}
TransformerHandler transformerHandler = saxTransformerFactory.newTransformerHandler();
transformerHandler.setResult(domResult);
xmlReader.setContentHandler(new XIncludeHandler(transformerHandler, uriDocMap));
xmlReader.parse(url.toExternalForm());
} catch (TransformerConfigurationException e) {
throw new SAXException(e);
} catch (IOException e) {
throw new SAXException(e);
}
document = (Document) domResult.getNode();
document.setDocumentURI(url.toExternalForm());
try {
uriDocMap.put(url.toURI(), document);
} catch (URISyntaxException e) {
throw new SAXException(e);
}
}
SAXResult saxResult = new SAXResult(this);
skipEvents = true;
try {
TransformerFactory transformerFactory = TransformerFactory.newInstance();
transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
try {
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
} catch (IllegalArgumentException ex) {
// ignore
}
Transformer transformer = transformerFactory.newTransformer();
if (xpointer == null) {
transformer.transform(new DOMSource(document, document.getDocumentURI()), saxResult);
} else {
NodeList nodeList = evaluateXPointer(xpointer, document);
int length = nodeList.getLength();
for (int i = 0; i < length; i++) {
Node node = nodeList.item(i);
transformer.transform(new DOMSource(node, document.getDocumentURI()), saxResult);
}
}
} catch (TransformerConfigurationException e) {
throw new SAXException(e);
} catch (TransformerException e) {
throw new SAXException(e);
} finally {
skipEvents = false;
}
} else {
this.contentHandler.startElement(uri, localName, qName, atts);
}
}