poi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kiwiwi...@apache.org
Subject svn commit: r1875860 - /poi/trunk/src/java/org/apache/poi/util/XMLHelper.java
Date Sun, 29 Mar 2020 14:55:31 GMT
Author: kiwiwings
Date: Sun Mar 29 14:55:31 2020
New Revision: 1875860

URL: http://svn.apache.org/viewvc?rev=1875860&view=rev
Log:
Sonar Fixes - try to fix XXE warnings

Modified:
    poi/trunk/src/java/org/apache/poi/util/XMLHelper.java

Modified: poi/trunk/src/java/org/apache/poi/util/XMLHelper.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/util/XMLHelper.java?rev=1875860&r1=1875859&r2=1875860&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/util/XMLHelper.java (original)
+++ poi/trunk/src/java/org/apache/poi/util/XMLHelper.java Sun Mar 29 14:55:31 2020
@@ -219,6 +219,7 @@ public final class XMLHelper {
         trySet(factory::setFeature, FEATURE_SECURE_PROCESSING, true);
         trySet(factory::setAttribute, ACCESS_EXTERNAL_DTD, "");
         trySet(factory::setAttribute, ACCESS_EXTERNAL_STYLESHEET, "");
+        trySet(factory::setAttribute, ACCESS_EXTERNAL_SCHEMA, "");
         return factory;
     }
 
@@ -235,6 +236,7 @@ public final class XMLHelper {
         SchemaFactory factory = SchemaFactory.newInstance(W3C_XML_SCHEMA_NS_URI);
         trySet(factory::setFeature, FEATURE_SECURE_PROCESSING, true);
         trySet(factory::setProperty, ACCESS_EXTERNAL_DTD, "");
+        trySet(factory::setProperty, ACCESS_EXTERNAL_STYLESHEET, "");
         trySet(factory::setProperty, ACCESS_EXTERNAL_SCHEMA, "");
         return factory;
     }



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org


Mime
View raw message