DefaultEntityResolver: more informative error message for invalid types.

Author: carlosame

src/io/sf/carte/doc/xml/dtd/DefaultEntityResolver.java

@@ -370,7 +370,16 @@ public final InputSource resolveEntity(String name, String publicId, String base
 				if (con instanceof HttpURLConnection) {
 					((HttpURLConnection) con).disconnect();
 				}
-				throw new SAXException("Invalid url: " + enturl.toExternalForm());
+				String msg = enturl.toExternalForm();
+				if (conType != null) {
+					// Sanitize untrusted content-type by removing control characters
+					// ('Other, Control' unicode category).
+					conType = conType.replaceAll("\\p{Cc}", "*CTRL*");
+					msg = "URL served with invalid type (" + conType + "): " + msg;
+				} else {
+					msg = "URL served with invalid type: " + msg;
+				}
+				throw new SAXException(msg);
 			}
 			isrc = new InputSource();
 			isrc.setSystemId(enturl.toExternalForm());