Xerces does not have an implementation of
javax.xml.stream.XMLStreamReader. It seems that you are using Oracle's
JAXP implementation. You're more likely to get a helpful answer on one of
their forums.
Thanks.
Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org
Behrang Saeedzadeh <behran...@gmail.com> wrote on 12/23/2017 06:20:09 PM:
> Apparently it can be disabled globally using the
> "jdk.xml.totalEntitySizeLimit":
> System.setProperty("jdk.xml.totalEntitySizeLimit", "0");
> But I was wondering if it can be disabled on a given XMLEventReader
> or javax.xml.stream.XMLStreamReader?
>
> Best regards,
> Behrang Saeedzadeh
>
> On 24 December 2017 at 10:02, Behrang Saeedzadeh <behran...@gmail.com>
wrote:
> Hi
>
> JDK is using Xerces by default for StAX and some other XML related APIs.
>
> This implementation
> uses com.sun.org.apache.xerces.internal.utils.XMLSecurityManager as
> the XML security manager and has a limit
>
of
com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit#TOTAL_ENTITY_SIZE_LIMIT
> (5,000,000) enabled by default.
>
> Is there a way to programmatically disable this limit when using StAX?
>
> For example, when creating an XMLInputFactory and XMLEventReader:
>
> final XMLInputFactory inputFactory = XMLInputFactory.newInstance();
> final XMLEventReader eventReader = inputFactory.createXMLEventReader
> (inputStream);
>
> Best regards,
> Behrang Saeedzadeh
