Reference code: DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); documentBuilderFactory.setFeature(“http://xml.org/sax/features/external-general-entities”, false); documentBuilderFactory.setFeature(“http://xml.org/sax/features/external-parameter-entities”, false); documentBuilderFactory.setFeature(“http://apache.org/xml/features/disallow-doctype-decl”, true); documentBuilderFactory.setXIncludeAware(false); documentBuilderFactory.setExpandEntityReferences(false); ……