JDK-8216531 : Change DOM parser to not produce a Text node with DocumentBuilderFactory.setExpandEntityReferences(false)
  • Type: CSR
  • Component: xml
  • Sub-Component: javax.xml.parsers
  • Priority: P4
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 13
  • Submitted: 2019-01-11
  • Updated: 2019-01-12
  • Resolved: 2019-01-12
Related Reports
CSR :  

Changing the JDK implementation of the DOM parser so that it will not produce a Text node when the ExpandEntityReferences feature is set to false. 


By default, a DOM parser resolves entity references as defined. The ExpandEntityReferences feature provides an option for an application to disable such resolution when it is desirable, for example, if no entity reference is expected in normal operation, it may serve as a good precaution.

When ExpandEntityReferences is turned off, the DOM parser is expected to add the EntityReference node to the DOM tree. The current implementation however, continues to resolve the EntityReference and add a Text node with expanded value in addition to the EntityReference node. That defeats the purpose of having the feature that is to allow disabling the resolution.
This issue has a long history. The first report about it was JDK-4762733 that was filed in 2002 for JDK 1.4.1 and then more recently an internal report through JDK-8025660. Both were rejected as "Not an Issue". The reason was that the review was focused on the EntityReference node and the argument was that the parser was doing it correctly by including or excluding the node when setExpandEntityReferences is off or on. The evaluation neglected the fact that the Text node was the real issue, that it should not have been added.

The above is also manifested in JAXP's SQE test where an assertion was made only for the EntityReference node and there was no further test on whether a Text node existed.


Change the behavior of the DOM parser to produce one and only EntityReference node without the expanded Text node when DocumentBuilderFactory.setExpandEntityReferences is set to false.

The benefit of the change is that the DOM parser would then work as expected when an application intends to use the feature to avoid resolving any entity references.


No change.

I note the parent issue is already marked for a release note. Moving to Approved.