lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Uwe Schindler (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-3895) For several reasons, disabling the resolving of external entities within the Solr UpdateRequestHandler for XML would be good.
Date Wed, 26 Sep 2012 08:50:10 GMT

    [ https://issues.apache.org/jira/browse/SOLR-3895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13463630#comment-13463630
] 

Uwe Schindler commented on SOLR-3895:
-------------------------------------

Hi Martin,
thanks for your report after our communication about this before. I agree, it would be a good
idea to not allow external entities (those can be e.g., references to external DTDs - but
we never check XML validity according to a DTD) and also other external entities like &foobar;
introduced by those DTDs should not be loaded:

- Lot's of XML files come with a DTD declaration (like XHTML document or similar things).
If you would pass those XML documents through the update handler (with e.g. XSL transforming
to Solr XML), those DTDs would be resolved and loaded by the xml parser - with no use for
Solr.
- All documents passed to XMLRequestHandler should be self-complete, means no includes or
similar things. xinclude is not enabled for XML-updates, so external entities should also
be ignored.
                
> For several reasons, disabling the resolving of external entities within the Solr UpdateRequestHandler
for XML would be good.
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-3895
>                 URL: https://issues.apache.org/jira/browse/SOLR-3895
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Martin Herfurt
>            Assignee: Uwe Schindler
>            Priority: Minor
>
> The Solr UpdateRequestHandler for XML currently resolves so-called XML External Entities.
Not resolving XML External Entities would - among other things - improve Solr's update performance.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message