From 26c9e741dc7108ba24f7b723582ed0c54d051379 Mon Sep 17 00:00:00 2001
From: Christoffer Lejdborg <christoffer@lejdborg.se>
Date: Mon, 16 Aug 2021 11:32:19 +0200
Subject: [PATCH] Prevent XXE injection when parsing XML

---
 .../src/main/scala/play/api/libs/ws/XMLBodyReadables.scala      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/play-ws-standalone-xml/src/main/scala/play/api/libs/ws/XMLBodyReadables.scala b/play-ws-standalone-xml/src/main/scala/play/api/libs/ws/XMLBodyReadables.scala
index e338b145d..a58b444d3 100644
--- a/play-ws-standalone-xml/src/main/scala/play/api/libs/ws/XMLBodyReadables.scala
+++ b/play-ws-standalone-xml/src/main/scala/play/api/libs/ws/XMLBodyReadables.scala
@@ -25,7 +25,7 @@ trait XMLBodyReadables {
    * }}}
    */
   implicit val readableAsXml: BodyReadable[Elem] = BodyReadable { response =>
-    xml.XML.load(new InputSource(new ByteArrayInputStream(response.bodyAsBytes.toArray)))
+    XML.parser.load(new InputSource(new ByteArrayInputStream(response.bodyAsBytes.toArray)))
   }
 
 }