--- xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java	2015/03/05 12:42:03	1664334
+++ xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java	2015/03/05 12:53:44	1664335
@@ -30,26 +30,26 @@
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 
-import org.apache.batik.util.HaltingThread;
-import org.apache.batik.util.XMLConstants;
-
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.DocumentType;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.xml.sax.Attributes;
 import org.xml.sax.ErrorHandler;
 import org.xml.sax.InputSource;
 import org.xml.sax.Locator;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.SAXParseException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.ext.LexicalHandler;
 import org.xml.sax.helpers.DefaultHandler;
 import org.xml.sax.helpers.XMLReaderFactory;
 
-import org.w3c.dom.DOMImplementation;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentType;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
+import org.apache.batik.util.HaltingThread;
+import org.apache.batik.util.XMLConstants;
 
 /**
  * This class contains methods for creating Document instances
@@ -399,6 +399,16 @@
     static SAXParserFactory saxFactory;
     static {
         saxFactory = SAXParserFactory.newInstance();
+        try {
+            saxFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            saxFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+        } catch (SAXNotRecognizedException e) {
+            e.printStackTrace();
+        } catch (SAXNotSupportedException e) {
+            e.printStackTrace();
+        } catch (ParserConfigurationException e) {
+            e.printStackTrace();
+        }
     }
 
     /**