@jroper says to add the following to XMLLoader.parser:
See http://blog.csnc.ch/2012/08/secure-xml-parser-configuration/
try {
f.setFeature("http://xml.org/sax/features/external-general-entities", false);
f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
} catch {
case e: ParserConfigurationException => // warn that the SAXParserFactory supplied by the JDK doesn't support this feature, and that the application may therefore be vulnerable to external entity attacks, encourage to define your own parser instead
case e: SAXNotRecognizedExcetpion => // as above
case e: SaxNotSupportedException => // as above
}
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4