微信支付-XXE DOM4J
PYJJ 2018-07-06 09:23:34 像DocumentBuilderFactory 可以通过设置FEATURE控制外部实体引用
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
String FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
dbf.setFeature(FEATURE, true);
那么,DOM4J如何做到禁用外部实体引用?