commons-issues mailing list archives

From "Rob Tompkins (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (JELLY-293) Accommodate toggling off DTD external entities.
Date Thu, 24 Aug 2017 11:16:01 GMT

     [ https://issues.apache.org/jira/browse/JELLY-293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rob Tompkins updated JELLY-293:
-------------------------------
    Assignee: Rob Tompkins

> Accommodate toggling off DTD external entities.
> -----------------------------------------------
>
>                 Key: JELLY-293
>                 URL: https://issues.apache.org/jira/browse/JELLY-293
>             Project: Commons Jelly
>          Issue Type: Bug
>          Components: core / taglib.core
>    Affects Versions: 1.0
>            Reporter: Rob Tompkins
>            Assignee: Rob Tompkins
>             Fix For: 1.0.1
>
>
> We want the ability to configure whether or not jelly files can be declared such that the doctype definition at the beginning of the XML can call out to external entities under the parsing by SAX in the xerces project.
> The suggested fix is to add
> {code:java}
> if (!allowDtdToCallExternalEntities) {
>     reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
>     reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
>     reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
> }
> {code}
> immediately following this line: https://github.com/apache/commons-jelly/blob/commons-jelly-1.0/src/java/org/apache/commons/jelly/parser/XMLParser.java#L496



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
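
The following is an added example, not part of the original message and not Commons Jelly code: it applies the three features named in the issue to the JDK's built-in SAX parser and records whether the parser attempts to resolve an external entity. The class name, the `resolvedIds` helper, the sample document and the `example.invalid` system id are constructed for illustration; the recording `EntityResolver` returns an empty stand-in, so nothing is fetched.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class ExternalEntityToggleDemo {
    // Constructed sample: the DOCTYPE declares one external general entity
    // and the document body references it.
    static final String SAMPLE =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE j [ <!ENTITY ext SYSTEM \"http://example.invalid/ext.txt\"> ]>\n"
      + "<j>&ext;</j>";

    // Parses SAMPLE and returns the system ids the parser asked to resolve.
    static List<String> resolvedIds(boolean allowDtdToCallExternalEntities) throws Exception {
        XMLReader reader = SAXParserFactory.newInstance().newSAXParser().getXMLReader();
        if (!allowDtdToCallExternalEntities) {
            // The three features from the suggested fix in the issue.
            reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
            reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        }
        List<String> seen = new ArrayList<>();
        reader.setContentHandler(new DefaultHandler());
        // Record every resolution attempt and hand back an empty stand-in (no I/O).
        reader.setEntityResolver((publicId, systemId) -> {
            seen.add(systemId);
            return new InputSource(new StringReader(""));
        });
        reader.parse(new InputSource(new StringReader(SAMPLE)));
        return seen;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("entities allowed:  " + resolvedIds(true));
        System.out.println("entities disabled: " + resolvedIds(false));
        // Regression check: with the toggle off, no external id may be requested.
        if (!resolvedIds(false).isEmpty()) {
            throw new AssertionError("external entity was resolved with the toggle off");
        }
    }
}
```

The same recording-resolver check can be reused as a unit test for any parser wrapper that exposes such a toggle.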
