Fix code scanning alert no. 41: Resolving XML external entity in user-controlled data by lfoppiano · Pull Request #1205 · grobidOrg/grobid

Fixes https://github.com/kermitt2/grobid/security/code-scanning/41

To fix the problem, we need to ensure that the XML parser is fully secured against XXE attacks. This involves:

  1. Ensuring that the SAXParserFactory is configured to disallow DTDs.
  2. Ensuring that the XMLReader is configured to disallow external entities.
  3. Adding an EntityResolver that returns an empty string for any external entity.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
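As an added illustration of the three steps listed above (this is not the PR's own diff, which is not shown on this page, and not grobid code), the following Java class configures a JAXP `SAXParserFactory` and `XMLReader` the way the description suggests and then uses it to parse constructed sample input. The class and method names are made up for the example; the feature URIs are the standard SAX/Xerces ones that the JDK's bundled parser supports.

```java
import java.io.IOException;
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

/** Illustrative hardening of a JAXP SAX parser against XXE (added example, not grobid's code). */
public class SecureSaxExample {

    // Standard SAX/Xerces feature URIs, supported by the JDK's built-in parser.
    private static final String DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";
    private static final String EXTERNAL_GENERAL =
            "http://xml.org/sax/features/external-general-entities";
    private static final String EXTERNAL_PARAMETER =
            "http://xml.org/sax/features/external-parameter-entities";
    private static final String LOAD_EXTERNAL_DTD =
            "http://apache.org/xml/features/nonvalidating/load-external-dtd";

    /** Steps 1 and 2: factory and reader configured so no DTD or external entity is processed. */
    public static XMLReader newSecureReader() throws ParserConfigurationException, SAXException {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Step 1: reject any DOCTYPE declaration outright. This is the primary XXE control.
        factory.setFeature(DISALLOW_DOCTYPE, true);
        // Step 2: even if a DOCTYPE were tolerated, never expand or fetch external entities or DTDs.
        factory.setFeature(EXTERNAL_GENERAL, false);
        factory.setFeature(EXTERNAL_PARAMETER, false);
        factory.setFeature(LOAD_EXTERNAL_DTD, false);
        // XInclude is a separate fetch mechanism; keep it off for untrusted input as well.
        factory.setXIncludeAware(false);

        XMLReader reader = factory.newSAXParser().getXMLReader();
        // Step 3: defence in depth for parser implementations that ignore the features above.
        // Any request to resolve an external entity yields an empty document instead of
        // file or network content.
        reader.setEntityResolver((publicId, systemId) -> new InputSource(new StringReader("")));
        return reader;
    }

    /**
     * Parses untrusted XML with the hardened reader.
     * Returns true if the document was accepted, false if the parser rejected it
     * (for example because it carried a DOCTYPE).
     */
    public static boolean parsesSafely(String untrustedXml)
            throws ParserConfigurationException, SAXException, IOException {
        XMLReader reader = newSecureReader();
        reader.setContentHandler(new DefaultHandler());
        try {
            reader.parse(new InputSource(new StringReader(untrustedXml)));
            return true;
        } catch (SAXParseException rejected) {
            // Expected path for hostile input: log and reject, never fall back to a lax parser.
            System.err.println("Rejected XML input: " + rejected.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs for the example (not taken from the PR).
        String plain = "<doc><title>hello</title></doc>";
        // Any DOCTYPE, internal or external, is refused before an entity could be resolved.
        String withDoctype = "<!DOCTYPE doc SYSTEM \"http://example.invalid/doc.dtd\"><doc/>";

        System.out.println("plain document accepted:   " + parsesSafely(plain));
        System.out.println("DOCTYPE document accepted: " + parsesSafely(withDoctype));
    }
}
```

With `disallow-doctype-decl` enabled the parser throws a `SAXParseException` as soon as it sees the `<!DOCTYPE`, so the `EntityResolver` from step 3 is never consulted on that path; it only matters as a backstop for a parser implementation that does not honour the feature. The trade-off to be aware of is that this configuration also rejects legitimate documents that begin with a DOCTYPE, so a caller that ingests DTD-carrying XML has to decide whether to strip the declaration before parsing or to treat the rejection as the intended outcome.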