JDK-8206132 : DOM parser does not honor DocumentBuilderFactory.setExpandEntityReferences(false)
  • Type: Bug
  • Component: xml
  • Sub-Component: javax.xml.parsers
  • Affected Version: 8,9,10,11
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_10
  • CPU: x86_64
  • Submitted: 2018-06-27
  • Updated: 2019-02-12
  • Resolved: 2019-02-05
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 13
13 b07Fixed
Related Reports
CSR :  
Relates :  
Sub Tasks
JDK-8217937 :  
Description
ADDITIONAL SYSTEM INFORMATION :
java version "1.8.0_172"
Java(TM) SE Runtime Environment (build 1.8.0_172-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.172-b11, mixed mode)

A DESCRIPTION OF THE PROBLEM :
This was previously reported as JDK-8025660 and JDK-4762733 but I believe that the resolution was incorrect. Calling DocumentBuilderFactory.setExpandEntityReferences(false) does indeed cause an EntityReference node to appear in the DOM, but a Text node containing the expanded text also appears as the next sibling. This text node is unexpected based on the Javadoc for DocumentBuilderFactory.setExpandEntityReferences.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
See test case below. Call DocumentBuilderFactory.setExpandEntityReferences(false) then parse an XML file with an entity reference.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Only the EntityReference node should be present in the DOM
ACTUAL -
The EntityReference node is present, along with a sibling Text node containing the expanded entity value.

---------- BEGIN SOURCE ----------
DocumentBuilderFactoryTest.java:

import java.io.File;
import java.io.FileInputStream;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

import org.testng.Assert;
import org.testng.annotations.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DocumentBuilderFactoryTest
{
    private static final String XML_DIR = ".";

    /**
     * Test the setExpandEntityReferences.
     * @throws Exception If any errors occur.
     */
    @Test
    public void testCheckDocumentBuilderFactory08() throws Exception {
        try (FileInputStream fis = new FileInputStream(new File(
                XML_DIR, "DocumentBuilderFactory02.xml"))) {
            final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setExpandEntityReferences(false);
            final DocumentBuilder docBuilder = dbf.newDocumentBuilder();
            final Document doc = docBuilder.parse(fis);
            final Element e = (Element) doc.getElementsByTagName("title").item(0);
            final NodeList nl = e.getChildNodes();
            Assert.assertTrue(nl.item(0) instanceof EntityReference);
            Assert.assertNull(nl.item(0).getNodeValue());
            // Should be just 1 EntityReference node, but a Text node also is present
            Assert.assertEquals(nl.getLength(), 1);
        }
    }

}

DocumentBuilderFactory02.xml:
<?xml version="1.0"?>
<!DOCTYPE document [
    <!ENTITY ws "Wiliam SHAkespeare">
    <!ELEMENT document (title)>
    <!ELEMENT title (#PCDATA)>
]>
<document>
    <title>&ws;</title>
</document>

---------- END SOURCE ----------

FREQUENCY : always



Comments
To reproduce the issue, run the attached test case: JDK 8u171 - Fail JDK 10.0.1+11 - Fail JDK 11-ea+18 - Fail Output : nl.item(0) instanceof EntityReference):true nl.getLength():2
02-07-2018