Class DtdValidator
java.lang.Object
cloud.opencode.base.xml.validate.DtdValidator
DTD Validator - Document Type Definition validation
DTD 验证器 - 文档类型定义验证
This class provides XML validation against DTD (Document Type Definition).
此类提供针对 DTD(文档类型定义)的 XML 验证。
Security Note | 安全注意:
DTD validation requires enabling DTD processing, which can be a security risk. Use with caution and only with trusted XML sources.
DTD 验证需要启用 DTD 处理,这可能是安全风险。请谨慎使用,仅与受信任的 XML 源一起使用。
Usage Examples | 使用示例:
// Validate XML with embedded DTD
ValidationResult result = DtdValidator.create()
.validate(xmlWithDtd);
// Validate XML against external DTD
ValidationResult result = DtdValidator.create()
.withExternalDtd(dtdPath)
.validate(xml);
Features | 主要功能:
- DTD (Document Type Definition) validation - DTD(文档类型定义)验证
- Support for embedded and external DTDs - 支持嵌入式和外部 DTD
- Fluent builder API - 流式构建器 API
- Since:
- JDK 25, opencode-base-xml V1.0.0
- Author:
- Leon Soo www.LeonSoo.com
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionallowExternalEntities(boolean allow) Allows external entity resolution (security risk).static DtdValidatorcreate()Creates a new DTD validator.booleanChecks if an XML string is valid.validate(InputStream input) Validates an XML input stream.Validates an XML string.Validates an XML file.validate(InputSource source) Validates from an InputSource.voidvalidateOrThrow(String xml) Validates and throws if invalid.voidvalidateOrThrow(Path path) Validates and throws if invalid.withExternalDtd(String dtdUrl) Sets an external DTD for validation by URL.withExternalDtd(Path dtdPath) Sets an external DTD for validation.
-
Method Details
-
create
Creates a new DTD validator. 创建新的 DTD 验证器。- Returns:
- a new validator | 新验证器
-
withExternalDtd
Sets an external DTD for validation. 设置用于验证的外部 DTD。- Parameters:
dtdPath- the DTD file path | DTD 文件路径- Returns:
- this validator for chaining | 此验证器以便链式调用
-
withExternalDtd
Sets an external DTD for validation by URL. Onlyfile:andclasspath:schemes are accepted to defend against SSRF and remote DTD-fetch payloads. V1.0.4 sec round-4: pre-fix the URL was stored verbatim, allowinghttp://attacker/x.dtdto fetch a remote DTD that could embed external-entity references for local-file read or further SSRF. 通过 URL 设置用于验证的外部 DTD。仅接受file:与classpath:scheme, 防御 SSRF 与远程 DTD 拉取 payload。V1.0.4 sec round-4:修复前 URL 原样存储,http://attacker/x.dtd可拉取远程 DTD 嵌入外部实体引用做本地文件读或进一步 SSRF。- Parameters:
dtdUrl- the DTD URL (file:orclasspath:) | DTD URL(file:或classpath:)- Returns:
- this validator for chaining | 此验证器以便链式调用
- Throws:
IllegalArgumentException- if scheme is notfile:orclasspath:
-
allowExternalEntities
Allows external entity resolution (security risk). 允许外部实体解析(安全风险)。- Parameters:
allow- whether to allow | 是否允许- Returns:
- this validator for chaining | 此验证器以便链式调用
-
validate
Validates an XML string. 验证 XML 字符串。- Parameters:
xml- the XML string | XML 字符串- Returns:
- the validation result | 验证结果
-
validate
Validates an XML file. 验证 XML 文件。- Parameters:
path- the XML file path | XML 文件路径- Returns:
- the validation result | 验证结果
-
validate
Validates an XML input stream. 验证 XML 输入流。- Parameters:
input- the XML input stream | XML 输入流- Returns:
- the validation result | 验证结果
-
validate
Validates from an InputSource. 从 InputSource 验证。- Parameters:
source- the XML source | XML 源- Returns:
- the validation result | 验证结果
-
validateOrThrow
Validates and throws if invalid. 验证,如果无效则抛出异常。- Parameters:
xml- the XML string | XML 字符串- Throws:
XmlValidationException- if validation fails | 如果验证失败则抛出
-
validateOrThrow
Validates and throws if invalid. 验证,如果无效则抛出异常。- Parameters:
path- the XML file path | XML 文件路径- Throws:
XmlValidationException- if validation fails | 如果验证失败则抛出
-
isValid
Checks if an XML string is valid. 检查 XML 字符串是否有效。- Parameters:
xml- the XML string | XML 字符串- Returns:
- true if valid | 如果有效则返回 true
-