Skip to content

J
jadx

qq_39073359 / jadx
与 Fork 源项目一致

从无法访问的项目Fork

通知 1
Star 0
Fork 0
J
jadx

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

未验证 提交 d22db301 编写于 作者: S Skylot
浏览文件
操作

fix: use secure xml parser for process manifest

上级 6db61e7a
隐藏空白更改
内联 并排
Showing with 2 addition and 2 deletion
jadx-core/src/main/java/jadx/core/export/ExportGradleProject.java
浏览文件 @ d22db301
...@@ -8,7 +8,6 @@ import java.util.HashSet; ...@@ -8,7 +8,6 @@ import java.util.HashSet;
import java.util.Set; import java.util.Set;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
...@@ -24,6 +23,7 @@ import jadx.core.dex.nodes.RootNode; ...@@ -24,6 +23,7 @@ import jadx.core.dex.nodes.RootNode;
import jadx.core.utils.exceptions.JadxRuntimeException; import jadx.core.utils.exceptions.JadxRuntimeException;
import jadx.core.utils.files.FileUtils; import jadx.core.utils.files.FileUtils;
import jadx.core.xmlgen.ResContainer; import jadx.core.xmlgen.ResContainer;
import jadx.core.xmlgen.XmlSecurity;
public class ExportGradleProject { public class ExportGradleProject {
...@@ -139,7 +139,7 @@ public class ExportGradleProject { ...@@ -139,7 +139,7 @@ public class ExportGradleProject {
private Document parseXml(String xmlContent) { private Document parseXml(String xmlContent) {
try { try {
DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); DocumentBuilder builder = XmlSecurity.getSecureDbf().newDocumentBuilder();
Document document = builder.parse(new InputSource(new StringReader(xmlContent))); Document document = builder.parse(new InputSource(new StringReader(xmlContent)));
document.getDocumentElement().normalize(); document.getDocumentElement().normalize();
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册