java-mammoth icon indicating copy to clipboard operation
java-mammoth copied to clipboard
verified publisher icon mwilliamson

SAXNotRecognizedException

Open foobnix opened this issue 1 year ago • 4 comments

Please help to fix for Android, there is an exception

Caused by: org.xml.sax.SAXNotRecognizedException: http://apache.org/xml/features/disallow-doctype-decl at org.apache.harmony.xml.parsers.SAXParserFactoryImpl.setFeature(SAXParserFactoryImpl.java:93)

java.lang.RuntimeException: org.xml.sax.SAXNotRecognizedException: http://apache.org/xml/features/disallow-doctype-decl at org.zwobble.mammoth.internal.xml.parsing.SimpleSax.parseInputSource(SimpleSax.java:67) at org.zwobble.mammoth.internal.xml.parsing.SimpleSax.parseStream(SimpleSax.java:24) at org.zwobble.mammoth.internal.xml.parsing.XmlParser.parseStream(XmlParser.java:24) at org.zwobble.mammoth.internal.docx.OfficeXml.parseXml(OfficeXml.java:38)

foobnix avatar Mar 17 '24 08:03 foobnix

It appears that the implementation of the SAX parser doesn't support disabling DTDs, which prevents XML entity attacks. If possible, I'd suggest switching to a SAX parser that supports the feature.

mwilliamson avatar Mar 17 '24 10:03 mwilliamson

I am using implementation 'javax.xml.stream:stax-api:1.0-2' and it's works fine with the old version of your library I have try implementation 'xerces:xercesImpl:2.12.2' - it's not helped. Could you please suggest a sax parser that supports this feature? or Can you configure the library not to crash if the parser does not support this feature?

foobnix avatar Mar 17 '24 12:03 foobnix

Could you please suggest a sax parser that supports this feature?

Xerces should support the feature: https://xerces.apache.org/xerces2-j/features.html

Can you configure the library not to crash if the parser does not support this feature?

The feature avoids a security vulnerability, so I would be reluctant to ignore errors from enabling the feature.

mwilliamson avatar Mar 17 '24 18:03 mwilliamson