Java System Properties
Quick Reference Guide


jdk.xml.entityExpansionLimit Java System Property

The jdk.xml.entityExpansionLimit Java System Property accepts an integer value that limits how many entity expansions the XML parser will perform.

Default Value

64000

Overview of jdk.xml.entityExpansionLimit

The Java system property jdk.xml.entityExpansionLimit sets an upper limit on the number of entity expansions the XML parser will perform. When the limit is exceeded, the parser stops and reports an error.

The jdk.xml.entityExpansionLimit setting was created to protect XML parsers against denial of service attacks such as the Billion Laughs Attack:

<!DOCTYPE root [
<!ELEMENT root ANY>
<!ENTITY LOL "LOL">
<!ENTITY LOL1 "&LOL;&LOL;&LOL;&LOL;&LOL;&LOL;&LOL;&LOL;&LOL;&LOL;">
<!ENTITY LOL2 "&LOL1;&LOL1;&LOL1;&LOL1;&LOL1;&LOL1;&LOL1;&LOL1;&LOL1;&LOL1;">
<!ENTITY LOL3 "&LOL2;&LOL2;&LOL2;&LOL2;&LOL2;&LOL2;&LOL2;&LOL2;&LOL2;&LOL2;">
<!ENTITY LOL4 "&LOL3;&LOL3;&LOL3;&LOL3;&LOL3;&LOL3;&LOL3;&LOL3;&LOL3;&LOL3;">
<!ENTITY LOL5 "&LOL4;&LOL4;&LOL4;&LOL4;&LOL4;&LOL4;&LOL4;&LOL4;&LOL4;&LOL4;">
<!ENTITY LOL6 "&LOL5;&LOL5;&LOL5;&LOL5;&LOL5;&LOL5;&LOL5;&LOL5;&LOL5;&LOL5;">
<!ENTITY LOL7 "&LOL6;&LOL6;&LOL6;&LOL6;&LOL6;&LOL6;&LOL6;&LOL6;&LOL6;&LOL6;">
<!ENTITY LOL8 "&LOL7;&LOL7;&LOL7;&LOL7;&LOL7;&LOL7;&LOL7;&LOL7;&LOL7;&LOL7;">
<!ENTITY LOL9 "&LOL8;&LOL8;&LOL8;&LOL8;&LOL8;&LOL8;&LOL8;&LOL8;&LOL8;&LOL8;">
]>
<root>&LOL9;</root>

In this case a very small XML document creates a nested expansion of XML entities: each entity references the previous one ten times, so the number of expansions grows tenfold with every level.

Security Tip

Be careful when setting jdk.xml.entityExpansionLimit that you do not set it too high. If you set jdk.xml.entityExpansionLimit too high, a document like the one above may cause resource exhaustion or a denial of service.

Error Message

Here's the error you might see triggered due to reaching the XML entity expansion limit:

The parser has encountered more than "64000" entity expansions in this document; this is the limit imposed by the JDK.

In some cases the message may instead end with "this is the limit imposed by the application."

Legacy Property -DentityExpansionLimit

Older versions of Java (Java 1.5 for example) may only work with the legacy version of the property, which omits the jdk.xml prefix and just uses entityExpansionLimit. This older property is still supported for backwards compatibility reasons, but you may wish to update it to the full property name for clarity.

Set Via jaxp.properties

The jdk.xml.entityExpansionLimit property can be specified in the jaxp.properties file, typically located at conf/jaxp.properties in your JVM. You can also create your own jaxp.properties file and point to it with the java.xml.config.file Java system property.

Supported Since

Java has supported this system property since version 1.5 under the name entityExpansionLimit, and later under the name jdk.xml.entityExpansionLimit.

Setting jdk.xml.entityExpansionLimit on Startup

You can set the jdk.xml.entityExpansionLimit Java system property during startup of the Java runtime using the -D command line argument:

java -Djdk.xml.entityExpansionLimit=100 MyAppMain

You may also be able to specify jdk.xml.entityExpansionLimit via the JAVA_TOOL_OPTIONS environment variable:

JAVA_TOOL_OPTIONS=-Djdk.xml.entityExpansionLimit=100

Setting / Reading jdk.xml.entityExpansionLimit at Runtime

You can set jdk.xml.entityExpansionLimit at runtime with the following Java code:

System.setProperty("jdk.xml.entityExpansionLimit", "100");

WARNING: Depending on the property and JVM version, using setProperty may or may not work if the JDK Java class that uses this variable has already been loaded. The value of the jdk.xml.entityExpansionLimit system property may be cached within an internal private static variable of the implementing class.

To read the value of jdk.xml.entityExpansionLimit at runtime, you can use this Java code:

String propertyValue = System.getProperty("jdk.xml.entityExpansionLimit");
if (propertyValue != null) {
    System.out.println("jdk.xml.entityExpansionLimit = " + propertyValue);
} else {
    System.out.println("jdk.xml.entityExpansionLimit was null");
}
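
The following added example (not part of the original page) sets the limit before any parser is created, then parses a one-level and a nine-level version of the nested-entity document shown earlier and prints either null (parsed) or the parser's rejection message. The class name EntityLimitDemo and the helpers nestedEntities and tryParse are illustrative names, and the example assumes the JDK's built-in JAXP parser is the one in use.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class EntityLimitDemo {

    // Builds a document shaped like the Billion Laughs sample above,
    // with the requested number of nested entity levels (constructed input).
    static String nestedEntities(int levels) {
        StringBuilder sb = new StringBuilder(
            "<!DOCTYPE root [\n<!ELEMENT root ANY>\n<!ENTITY LOL \"LOL\">\n");
        String prev = "LOL";
        for (int i = 1; i <= levels; i++) {
            String name = "LOL" + i;
            sb.append("<!ENTITY ").append(name).append(" \"");
            for (int j = 0; j < 10; j++) {
                sb.append('&').append(prev).append(';');
            }
            sb.append("\">\n");
            prev = name;
        }
        return sb.append("]>\n<root>&").append(prev).append(";</root>").toString();
    }

    // Returns null if the document parsed, otherwise the parser's error message.
    static String tryParse(String xml) throws Exception {
        DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        try {
            db.parse(new InputSource(new StringReader(xml)));
            return null;
        } catch (SAXParseException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Set the limit before the first parser is created, because the value
        // may be cached once the JDK's XML classes have been initialised.
        System.setProperty("jdk.xml.entityExpansionLimit", "100");

        System.out.println("1 level:  " + tryParse(nestedEntities(1)));
        System.out.println("9 levels: " + tryParse(nestedEntities(9)));
    }
}
```

Running the same class with -Djdk.xml.entityExpansionLimit on the command line instead of the setProperty call is a quick way to confirm which value the parser actually picked up.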