XML parser configured does not prevent nor limit external entities resolution

Even though I changed my code to what I found online, I keep running into this error every time:

import java.io.InputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

private Document convertInputToDocument(InputStream xml) {
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Enable the JAXP secure-processing limits.
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Do not resolve external general or parameter entities.
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setIgnoringElementContentWhitespace(true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        return builder.parse(xml);
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}

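The reason behind this is/was that the Fortify scan does not compile the packages that are used, and therefore does not see that we provided sufficient security!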