I have an android app, in which user can enter any xml source url

Question

0

Asked: June 5, 20262026-06-05T04:40:09+00:00 2026-06-05T04:40:09+00:00

I have an android app, in which user can enter any xml source url

0

I have an android app, in which user can enter any xml source url to parse. My app then parses the xml(if valid) and displays results.

The issue is, if the user enters an untrusted xml source url, the app and/or the device might be effected.

What are the best ways to identify risk and prevent exploit.

With my research I found that enabling FEATURE_SECURE_PROCESSING and disabling expansion might help. But can anyone tell me what it is, and how do I achieve it.

Thanks.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-05T04:40:10+00:00

Editorial Team

2026-06-05T04:40:10+00:00Added an answer on June 5, 2026 at 4:40 am

After researching, I found this. I hope this would solve my problem.

To enable FEATURE_SECURE_PROCESSING

SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

Disable DTDs

spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have an android app, in which user can enter any xml source url

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply