include::../description.adoc[]

== Noncompliant Code Example

----
Transformer transformer = TransformerFactory.newInstance().newTransformer();
transformer.transform(input, result);
----

== Compliant Solution

Recommended:


----
TransformerFactory factory = TransformerFactory.newInstance();
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");

Transformer transformer = factory.newTransformer();

transformer.transform(input, result);
----

Implementation dependent:


----
TransformerFactory factory = TransformerFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

Transformer transformer = factory.newTransformer();

transformer.transform(input, result);
----

include::../see.adoc[]