Prevent user supplied XSLTs from defining external entities This is part 2 of 2 of the fix for CVE-2014-0096