Defensive coding around some XML activities that are triggered by web applications and are therefore at potential risk of a memory leak. This is part 3 of 4 of the fix for CVE-2014-0119