JDK-8343006 : Adjust JAXP limits
  • Type: CSR
  • Component: xml
  • Sub-Component: jaxp
  • Priority: P4
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 24
  • Submitted: 2024-10-24
  • Updated: 2025-01-06
  • Resolved: 2024-11-13
Description
Summary
-------

Adjust JAXP's XML Processing Limits (JAXP Limits) to be more in line with general usage.

Problem
-------

JAXP limits are a set of JDK implementation specific properties as listed in the [java.xml module description](https://docs.oracle.com/en/java/javase/23/docs/api/java.xml/module-summary.html#IN_ISFP), for example `jdk.xml.entityExpansionLimit`. These limits were designed to prevent applications from consuming excessive resources or memory. They were provided for developers to set processing limits based on application requirements and system configurations. In a similar context, the JDK itself should also adjust the default settings to be more in line with general usage.

Solution
--------

Adjust JAXP limits to fit general application needs based on known public entities such as W3C MathML DTDs.

These changes will affect parsing XML documents that contain [Document Type Definitions](https://en.wikipedia.org/wiki/Document_type_definition) (DTDs) using JAXP APIs such as the [DOM, SAX](https://docs.oracle.com/en/java/javase/23/docs/api/java.xml/javax/xml/parsers/package-summary.html) and [StAX](https://docs.oracle.com/en/java/javase/23/docs/api/java.xml/javax/xml/stream/package-summary.html) parsers. They indirectly affect the Transform and Validation APIs that use these processors.

**Compatibility and Solutions**

If an application processes XML documents that reference an extremely large DTD, it may encounter a parsing error in the form of an Exception, such as the following:

    JAXP00010001: The parser has encountered more than "2500" entity expansions in this document; 
    this is the limit imposed by the JDK.

To resolve the issue, the application may increase the limit via the JAXP API. Using the DOM processor as an example, the following code increases the expansion limit to 5000:

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setAttribute("jdk.xml.entityExpansionLimit", 5000);

The limit can also be set in the JAXP Configuration File. A [template for creating Strict JAXP Configuration File](https://bugs.openjdk.org/browse/JDK-8330605), `jaxp-strict.properties.template`, was provided in JDK 23 for developers to assess and prepare their applications for changes such as this.

To set the property in the configuration file, copy the template and create a custom configuration file:

    cp $JAVA_HOME/conf/jaxp-strict.properties.template /<my_path>/jaxp-strict.properties

Edit and change the setting as follows:

    jdk.xml.entityExpansionLimit=5000

As a system property, this property can also be set on the command line, e.g.:

    java -Djdk.xml.entityExpansionLimit=5000 myApp 

The Java tutorial, [JAXP Processing Limits](https://docs.oracle.com/javase/tutorial//jaxp/limits/using.html), provides a debug solution that can be used to analyze the usages and estimate the limits.
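
The following added example (not part of the CSR or the JDK sources) reproduces the limit error on a constructed document and shows the effect of raising `jdk.xml.entityExpansionLimit` through the API. The class name `EntityLimitDemo` and the sample document are assumptions, and the limit is set explicitly in both runs so the outcome does not depend on the JDK's default.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class EntityLimitDemo {
    static final String LIMIT = "jdk.xml.entityExpansionLimit";

    // Constructed sample: an internal DTD declaring one entity that the
    // document body references `refs` times.
    static String sample(int refs) {
        StringBuilder sb = new StringBuilder(
            "<?xml version=\"1.0\"?><!DOCTYPE doc [<!ENTITY e \"x\">]><doc>");
        for (int i = 0; i < refs; i++) {
            sb.append("&e;");
        }
        return sb.append("</doc>").toString();
    }

    // Parses xml with the given expansion limit and reports the outcome.
    // Assumes the JDK's built-in parser; a third-party implementation on the
    // class path may not recognize the jdk.xml.* properties.
    static String parse(String xml, int limit) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setAttribute(LIMIT, limit);
        DocumentBuilder db = dbf.newDocumentBuilder();
        // DefaultHandler rethrows fatal errors without printing to stderr.
        db.setErrorHandler(new DefaultHandler());
        try {
            db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return "limit " + limit + ": parsed";
        } catch (SAXException e) {
            return "limit " + limit + ": rejected, " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String xml = sample(3000); // more references than the lower limit allows
        System.out.println(parse(xml, 2500)); // the new default, set explicitly
        System.out.println(parse(xml, 5000)); // the raised value used above
    }
}
```

It can be run directly with `java EntityLimitDemo.java` on JDK 11 or later.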
 
Specification
-------------

Update the java.xml module description, table [Implementation Specific Properties](https://docs.oracle.com/en/java/javase/23/docs/api/java.xml/module-summary.html#IN_ISFPtable):

<pre>
    Name					             Value (default)

- jdk.xml.entityExpansionLimit             64000
+ jdk.xml.entityExpansionLimit              2500


- jdk.xml.totalEntitySizeLimit          50000000
+ jdk.xml.totalEntitySizeLimit            100000

- jdk.xml.maxGeneralEntitySizeLimit            0
+ jdk.xml.maxGeneralEntitySizeLimit       100000

- jdk.xml.maxParameterEntitySizeLimit    1000000
+ jdk.xml.maxParameterEntitySizeLimit      15000

- jdk.xml.entityReplacementLimit         3000000
+ jdk.xml.entityReplacementLimit          100000

- jdk.xml.maxElementDepth                      0
+ jdk.xml.maxElementDepth                    100

- jdk.xml.elementAttributeLimit           10,000
+ jdk.xml.elementAttributeLimit              200
</pre>
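
Review bot: the rows for jdk.xml.maxGeneralEntitySizeLimit and jdk.xml.maxElementDepth move the default from 0 to 100000 and 100, but the Compatibility and Solutions text only shows the error message and remedy for jdk.xml.entityExpansionLimit. Consider stating there whether the same remedies (API attribute, configuration file, system property) apply to every property in this table. Separately, the old value in the jdk.xml.elementAttributeLimit row is written as 10,000 while every other row omits the thousands separator; 10000 would be consistent with the rest of the table.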






Comments
Moving updated request back to Approved.
13-11-2024

Moving to Approved.
31-10-2024

We had a short heads-up article. I'm writing a longer version as well.
29-10-2024

Moving to Approved. If it is not already being considered, I suggest having this change highlighted on a quality-discuss notice.
29-10-2024