FactorySupport (Groovy 6.0.0-alpha-1)

groovy.xml.FactorySupport

```
public class FactorySupport
extends Object
```
Support class for creating hardened JAXP factories.
Every create* method returns a factory pre-configured to resist common XML attack vectors (XXE, billion laughs, external resource resolution). Overloads accepting flags let callers relax specific defaults when they legitimately need DOCTYPE support or external resource resolution.

Methods Summary

Methods
Type Params	Return Type	Name and description
	`public static DocumentBuilderFactory`	`createDocumentBuilderFactory()` Creates a new hardened DocumentBuilderFactory.
	`public static DocumentBuilderFactory`	`createDocumentBuilderFactory(boolean allowDocTypeDeclaration)` Creates a new hardened DocumentBuilderFactory.
	`public static SAXParserFactory`	`createSaxParserFactory()` Creates a new hardened SAXParserFactory.
	`public static SAXParserFactory`	`createSaxParserFactory(boolean allowDocTypeDeclaration)` Creates a new hardened SAXParserFactory.
	`public static SchemaFactory`	`createSchemaFactory(String schemaLanguage)` Creates a new hardened SchemaFactory for the requested schema language.
	`public static TransformerFactory`	`createTransformerFactory(boolean allowDocTypeDeclaration, boolean allowExternalResources)` Creates a new hardened TransformerFactory.
	`public static XMLInputFactory`	`createXMLInputFactory()` Creates a new hardened XMLInputFactory for StAX parsing.
	`public static XMLInputFactory`	`createXMLInputFactory(boolean allowDocTypeDeclaration)` Creates a new hardened XMLInputFactory for StAX parsing.
	`public static XPathFactory`	`createXPathFactory()` Creates a new hardened XPathFactory.

Inherited Methods Summary

Inherited Methods
Methods inherited from class	Name
`class Object`	`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

- Method Detail
  - public static DocumentBuilderFactory createDocumentBuilderFactory()
    
    Creates a new hardened DocumentBuilderFactory.
    Equivalent to createDocumentBuilderFactory(boolean) createDocumentBuilderFactory(false): DOCTYPE declarations are rejected and XMLConstants.FEATURE_SECURE_PROCESSING is enabled. Pass true to createDocumentBuilderFactory(boolean) if DOCTYPE support is required.
    Note: prior to Groovy 6.0.0 this method returned a bare JDK factory with no hardening applied. Callers that previously parsed DOCTYPE-bearing documents through the returned factory must switch to createDocumentBuilderFactory(boolean) createDocumentBuilderFactory(true).
    throws:
    ParserConfigurationException if the factory cannot be created
    
    Returns:
    a newly created, hardened document builder factory
  - public static DocumentBuilderFactory createDocumentBuilderFactory(boolean allowDocTypeDeclaration)
    
    Creates a new hardened DocumentBuilderFactory.
    The returned factory has XMLConstants.FEATURE_SECURE_PROCESSING enabled, the Apache disallow-doctype-decl feature toggled according to the allowDocTypeDeclaration flag, XInclude disabled, and entity reference expansion disabled.
    throws:
    ParserConfigurationException if the factory cannot be created
    
    Parameters:
    allowDocTypeDeclaration - whether DOCTYPE declarations are allowed in parsed documents (defaults should be false for untrusted input)
    Returns:
    a newly created, hardened document builder factory
    Since:
    6.0.0
  - public static SAXParserFactory createSaxParserFactory()
    
    Creates a new hardened SAXParserFactory.
    Equivalent to createSaxParserFactory(boolean) createSaxParserFactory(false): DOCTYPE declarations are rejected and XMLConstants.FEATURE_SECURE_PROCESSING is enabled. Pass true to createSaxParserFactory(boolean) if DOCTYPE support is required.
    Note: prior to Groovy 6.0.0 this method returned a bare JDK factory with no hardening applied. Callers that previously parsed DOCTYPE-bearing documents through the returned factory must switch to createSaxParserFactory(boolean) createSaxParserFactory(true).
    throws:
    ParserConfigurationException if the factory cannot be created
    
    Returns:
    a newly created, hardened SAX parser factory
  - public static SAXParserFactory createSaxParserFactory(boolean allowDocTypeDeclaration)
    
    Creates a new hardened SAXParserFactory.
    The returned factory has XMLConstants.FEATURE_SECURE_PROCESSING enabled and the Apache disallow-doctype-decl feature toggled according to the allowDocTypeDeclaration flag.
    throws:
    ParserConfigurationException if the factory cannot be created
    
    Parameters:
    allowDocTypeDeclaration - whether DOCTYPE declarations are allowed in parsed documents (defaults should be false for untrusted input)
    Returns:
    a newly created, hardened SAX parser factory
    Since:
    6.0.0
  - public static SchemaFactory createSchemaFactory(String schemaLanguage)
    
    Creates a new hardened SchemaFactory for the requested schema language.
    The returned factory has XMLConstants.FEATURE_SECURE_PROCESSING enabled. External schema resolution is left at JDK defaults so that legitimate <xs:import>/<xs:include> usages continue to work; callers needing stricter behaviour can set XMLConstants.ACCESS_EXTERNAL_SCHEMA or XMLConstants.ACCESS_EXTERNAL_DTD on the returned factory.
    Parameters:
    schemaLanguage - the schema language URI (see XMLConstants)
    Returns:
    a newly created, hardened schema factory
    Since:
    6.0.0
  - public static TransformerFactory createTransformerFactory(boolean allowDocTypeDeclaration, boolean allowExternalResources)
    
    Creates a new hardened TransformerFactory.
    The returned factory has XMLConstants.FEATURE_SECURE_PROCESSING enabled and the Apache disallow-doctype-decl feature toggled according to the allowDocTypeDeclaration flag. Access to external DTDs and stylesheets is blocked unless allowExternalResources is true.
    Parameters:
    allowDocTypeDeclaration - whether DOCTYPE declarations are allowed in transformed documents
    allowExternalResources - whether <xsl:import>/<xsl:include> may resolve external DTDs or stylesheets
    Returns:
    a newly created, hardened transformer factory
    Since:
    6.0.0
  - public static XMLInputFactory createXMLInputFactory()
    
    Creates a new hardened XMLInputFactory for StAX parsing.
    Equivalent to createXMLInputFactory(false): DTD support and external entity resolution are disabled.
    Returns:
    a newly created, hardened StAX input factory
    Since:
    6.0.0
  - public static XMLInputFactory createXMLInputFactory(boolean allowDocTypeDeclaration)
    
    Creates a new hardened XMLInputFactory for StAX parsing.
    The returned factory disables external entity resolution unconditionally and toggles XMLInputFactory.SUPPORT_DTD according to the allowDocTypeDeclaration flag.
    Parameters:
    allowDocTypeDeclaration - whether DOCTYPE declarations are allowed in parsed documents (defaults should be false for untrusted input)
    Returns:
    a newly created, hardened StAX input factory
    Since:
    6.0.0
  - public static XPathFactory createXPathFactory()
    
    Creates a new hardened XPathFactory.
    The returned factory has XMLConstants.FEATURE_SECURE_PROCESSING enabled.
    Returns:
    a newly created, hardened XPath factory
    Since:
    6.0.0

Summary:
Method

| Detail:
Method

[Java] Class FactorySupport

Methods Summary

Inherited Methods Summary

Method Detail

public static DocumentBuilderFactory createDocumentBuilderFactory()

public static DocumentBuilderFactory createDocumentBuilderFactory(boolean allowDocTypeDeclaration)

public static SAXParserFactory createSaxParserFactory()

public static SAXParserFactory createSaxParserFactory(boolean allowDocTypeDeclaration)

public static SchemaFactory createSchemaFactory(String schemaLanguage)

public static TransformerFactory createTransformerFactory(boolean allowDocTypeDeclaration, boolean allowExternalResources)

public static XMLInputFactory createXMLInputFactory()

public static XMLInputFactory createXMLInputFactory(boolean allowDocTypeDeclaration)

public static XPathFactory createXPathFactory()