commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Tompkins (JIRA)" <>
Subject [jira] [Created] (JELLY-293) Accommodate toggling off DTD external entities.
Date Thu, 24 Aug 2017 10:54:02 GMT
Rob Tompkins created JELLY-293:

             Summary: Accommodate toggling off DTD external entities.
                 Key: JELLY-293
             Project: Commons Jelly
          Issue Type: Bug
          Components: core / taglib.core
    Affects Versions: 1.0
            Reporter: Rob Tompkins
             Fix For: 1.0.1

We want the ability to configure whether or not jelly files can be declared such that the
doctype definition at the beginning of the XML can call out to external entities under the
parsing by SAX in the xerces project.

The suggested fix is to add

if (!allowDtdToCallExternalEntities) {
    reader.setFeature("", false);
    reader.setFeature("", false);
     reader.setFeature("", false);
immediately following this line:

This message was sent by Atlassian JIRA

View raw message