From 1f52136321cfca68b991bd7870563d06cf96624d Mon Sep 17 00:00:00 2001
From: Haxatron <haxatron1@gmail.com>
Date: Tue, 11 Jan 2022 23:13:08 -0800
Subject: [PATCH] Fix SAXParser security issue

---
 src/edu/stanford/nlp/process/TransformXML.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/edu/stanford/nlp/process/TransformXML.java b/src/edu/stanford/nlp/process/TransformXML.java
index 5489551d35..a4b565d3e7 100644
--- a/src/edu/stanford/nlp/process/TransformXML.java
+++ b/src/edu/stanford/nlp/process/TransformXML.java
@@ -5,6 +5,7 @@
 import java.io.*;
 import java.util.*;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 
@@ -195,6 +196,8 @@ public void processText(String text) {
 
   public TransformXML() {
     try {
+      SAXParserFactory spf = SAXParserFactory.newInstance();
+      spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
       saxParser = SAXParserFactory.newInstance().newSAXParser();
     } catch (Exception e) {
       log.info("Error configuring XML parser: " + e);