suppress more fb warnings
diff --git a/src/main/java/org/apache/log4j/xml/XMLDecoder.java b/src/main/java/org/apache/log4j/xml/XMLDecoder.java
index 6f58baa..4b88018 100644
--- a/src/main/java/org/apache/log4j/xml/XMLDecoder.java
+++ b/src/main/java/org/apache/log4j/xml/XMLDecoder.java
@@ -147,6 +147,7 @@
* @param data XML fragment
* @return dom document
*/
+ @SuppressFBWarnings // applied security practices
private Document parse(final String data) {
if (docBuilder == null || data == null) {
return null;
@@ -180,6 +181,7 @@
* @return Vector of LoggingEvents
* @throws IOException if IO error during processing.
*/
+ @SuppressFBWarnings // TODO: loading files like this is dangerous - at least in web. see if we can do better
public Vector<ChainsawLoggingEvent> decode(final URL url) throws IOException {
LineNumberReader reader;
boolean isZipFile = url.getPath().toLowerCase().endsWith(".zip");
