Index: Lib/xml/sax/drivers2/drv_javasax.py =================================================================== --- Lib/xml/sax/drivers2/drv_javasax.py (revision 7110) +++ Lib/xml/sax/drivers2/drv_javasax.py (working copy) @@ -368,11 +368,37 @@ def create_java_parser(jdriver = None): try: if jdriver: - return XMLReaderFactory.createXMLReader(jdriver) + xmlReader = XMLReaderFactory.createXMLReader(jdriver) elif jaxp: - return factory.newSAXParser().getXMLReader() + xmlReader = factory.newSAXParser().getXMLReader() else: - return XMLReaderFactory.createXMLReader() + xmlReader = XMLReaderFactory.createXMLReader() + + # CPython does not check DTDs. + # To match the behavior of CPython, we attempt to disable loading of + # DTDs in a parser-agnostic fashion. + # Unfortunately, there is no truly parser-agnostic fashion for doing so; + # for Xerxes, the Apache load-external-dtd feature must be used. + # If that fails, an attempt is made to disable some standard features + # that may work to disable DTD loading. + try: + xmlReader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", False) + except javasax.SAXException, e: + # we must not be using Xerxes + try: + xmlReader.setFeature(feature_external_ges, False) + except javasax.SAXException, e: + pass + try: + xmlReader.setFeature(feature_external_pes, False) + except javasax.SAXException, e: + pass + try: + xmlReader.setFeature("http://xml.org/sax/features/resolve-dtd-uris", False) + except javasax.SAXException, e: + pass + return xmlReader + except ParserConfigurationException, e: raise _exceptions.SAXReaderNotAvailable(e.getMessage()) except javasax.SAXException, e: