Below are usage examples of the Java class com.sun.org.apache.xml.internal.serialize.XMLSerializer, taken from open-source projects. Note that this is a JDK-internal copy of the Xerces serializer (package com.sun.org.apache.xml.internal), not a supported public API; both examples serialize a DOM Document that was produced by a project-specific parser helper, so whether external entities (XXE) are resolved is decided by that helper, not by the serializer shown here.
1. BlazeDsXmlProcessingXXEVulnerability#testVulnerability()
Project: flex-blazeds
File: BlazeDsXmlProcessingXXEVulnerability.java
File: BlazeDsXmlProcessingXXEVulnerability.java
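/**
 * Regression test for XXE (XML External Entity) injection in BlazeDS XML processing.
 *
 * Writes a random secret to a temp file, builds an XML document whose DTD declares an
 * external entity pointing at that file, parses it through {@code XMLUtil.stringToDocument}
 * and re-serializes the DOM. If external entities were resolved during parsing, the
 * secret would appear in the serialized output, so the test asserts that it does not.
 *
 * NOTE(review): the XXE hardening under test lives in {@code XMLUtil.stringToDocument}
 * (not visible here); a parser that rejects the DTD outright would surface as an
 * exception from this method, which also fails the test.
 *
 * @throws Exception on any I/O, parsing or serialization failure
 */
public void testVulnerability() throws Exception {
    int secret = (int) (Math.random() * 1000);
    // Create a temp file containing a secret; an XXE-vulnerable parser would read it back.
    // The temp file is always removed afterwards so the secret does not linger on disk.
    File temp = File.createTempFile("xxe-test", ".txt");
    try {
        // try-with-resources guarantees the writer is closed even if println throws.
        // Content is ASCII digits only, so the platform charset used by PrintWriter(File) is irrelevant.
        try (PrintWriter out = new PrintWriter(temp)) {
            out.println(Integer.toString(secret));
        }
        String uri = temp.toURI().toASCIIString();

        // DTD declaring an external entity that resolves to the secret file.
        StringBuilder xml = new StringBuilder(512);
        xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n");
        xml.append("<!DOCTYPE foo [\r\n");
        xml.append("<!ELEMENT foo ANY >\r\n");
        xml.append("<!ENTITY xxe SYSTEM \"" + uri + "\" >]>\r\n");
        xml.append("<foo>The Secret is: &xxe;</foo>");

        Document data = XMLUtil.stringToDocument(xml.toString());
        OutputFormat format = new OutputFormat(data);
        StringWriter stringOut = new StringWriter();
        XMLSerializer serial = new XMLSerializer(stringOut, format);
        serial.serialize(data);

        String serialized = stringOut.toString();
        Assert.assertFalse("External entity was resolved: secret leaked into serialized output",
                serialized.contains("The Secret is: " + Integer.toString(secret)));
    } finally {
        // Best-effort cleanup; a failed delete is not a test failure.
        temp.delete();
    }
}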
2. XmlUtils#formatXml()
Project: Doradus
File: XmlUtils.java
File: XmlUtils.java
/**
 * Pretty-prints an XML string: parses it with {@code parseXml}, re-serializes it with
 * 4-space indentation and a 120-column line width, strips any leading XML declaration,
 * and finally passes the result through {@code StringUtils.formatText} with the given prefix.
 *
 * NOTE(review): DTD/external-entity handling is decided inside {@code parseXml} (not visible
 * here). If {@code xmlText} can originate from an untrusted caller, confirm that parser
 * disables DTDs and external entities (XXE).
 *
 * @param xmlText the XML to format; a {@code null} input is returned as {@code null}
 * @param prefix  prefix handed to {@code StringUtils.formatText} for each output line
 * @return the formatted XML, or {@code null} if {@code xmlText} was {@code null}
 * @throws Exception if parsing or serialization fails
 */
public static String formatXml(String xmlText, String prefix) throws Exception {
    if (xmlText == null) {
        return null;
    }

    Document doc = parseXml(xmlText);

    OutputFormat fmt = new OutputFormat(doc);
    fmt.setLineWidth(120);
    fmt.setIndenting(true);
    fmt.setIndent(4);

    StringWriter buffer = new StringWriter();
    new XMLSerializer(buffer, fmt).serialize(doc);

    String pretty = StringUtils.trim(buffer.toString(), " \r\n");

    // Drop the "<?xml ...?>" declaration the serializer emits, then re-trim what follows it.
    if (pretty.startsWith("<?xml")) {
        int declEnd = pretty.indexOf("?>");
        if (declEnd > 1) {
            pretty = StringUtils.trim(pretty.substring(declEnd + 2), " \r\n");
        }
    }

    return StringUtils.formatText(pretty, prefix);
}