tomcat-dev mailing list archives

From Remy Maucherat <r...@apache.org>
Subject Re: Jasper and external entities parsing
Date Thu, 17 Mar 2005 09:46:49 GMT
Henri Gomez wrote:
> From what I see in the 5.5.8 code, the external entities cannot be
> resolved since we provide an InputSource to the documentBuilder in
> ParserUtils:
> 
>    private void processWebDotXml(ServletContext ctxt) throws JasperException {
> 
>        InputStream is = null;
> 
>        try {
>            is = ctxt.getResourceAsStream(WEB_XML);
>            if (is == null) {
>                // no web.xml
>                return;
>            }
> 
>            ParserUtils pu = new ParserUtils();
>            TreeNode webApp = pu.parseXMLDocument(WEB_XML, is);
>            if (webApp == null
>                    || !"2.4".equals(webApp.findAttribute("version"))) {
>                defaultIsELIgnored = "true";
>                return;
>            }
> 
> As such, when the documentBuilder finds a partial external entity,
> like <!ENTITY base      SYSTEM "base.xml">, it has no idea of its root
> location and as such considers it as a file and provides it a dummy base
> location.
> 
> What could be done is to use the ctxt.getResourceAsStream() after
> cleaning the systemId reference from any file:// reference (i.e.:
> file:///C:/eclipse3/base.xml => WEB-INF/base.xml).
> 
> Remy, do you agree on this, since with such we stay independent from
> being on file or other way?

Ask Jan. It seems quite ugly and special purpose.

Rémy
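
The following is an added example, not part of this message and not Tomcat or Jasper code: one way to route external entity lookups through the web application's own resources, as proposed in the quoted text, while refusing any system ID that falls outside it. The dummy base `/webapp-root`, the restriction to `/WEB-INF/`, the `lookup` function standing in for `ctxt.getResourceAsStream()`, and the sample documents are all assumptions made for illustration.

```java
import java.io.*;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.function.Function;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.*;

public class ContextEntityResolverDemo {
    // Hypothetical dummy base handed to the parser so relative system IDs expand predictably.
    static final String ROOT = "/webapp-root";

    /** Resolves external entities only through the supplied context lookup; never lets the parser fetch a URL itself. */
    static EntityResolver contextResolver(Function<String, InputStream> lookup) {
        return (publicId, systemId) -> {
            URI u = URI.create(systemId).normalize();   // collapses "../" segments before the check
            String path = u.getPath();
            if (!"file".equals(u.getScheme()) || u.getHost() != null
                    || path == null || !path.startsWith(ROOT + "/WEB-INF/"))
                throw new SAXException("external entity outside web application: " + systemId);
            InputStream in = lookup.apply(path.substring(ROOT.length()));
            if (in == null)   // throw instead of returning null, which would trigger default URL resolution
                throw new SAXException("no such context resource: " + systemId);
            InputSource src = new InputSource(in);
            src.setSystemId(systemId);
            return src;
        };
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample resources standing in for ctxt.getResourceAsStream().
        Map<String, String> webapp = Map.of(
            "/WEB-INF/web.xml", "<!DOCTYPE web-app [<!ENTITY base SYSTEM \"base.xml\">]>"
                + "<web-app version=\"2.4\">&base;</web-app>",
            "/WEB-INF/base.xml", "<display-name>demo</display-name>");
        Function<String, InputStream> lookup = p -> webapp.containsKey(p)
            ? new ByteArrayInputStream(webapp.get(p).getBytes(StandardCharsets.UTF_8)) : null;

        DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        db.setEntityResolver(contextResolver(lookup));
        InputSource is = new InputSource(lookup.apply("/WEB-INF/web.xml"));
        is.setSystemId("file://" + ROOT + "/WEB-INF/web.xml");   // gives the parser a known base
        Document doc = db.parse(is);
        System.out.println(doc.getDocumentElement().getTextContent());
    }
}
```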
