tomcat-dev mailing list archives

From Henri Gomez <henri.go...@gmail.com>
Subject Jasper and external entities parsing
Date Thu, 17 Mar 2005 09:37:19 GMT
From what I see in the 5.5.8 code, the external entities cannot be
resolved since we provide an InputSource to the documentBuilder in
ParserUtils:

    private void processWebDotXml(ServletContext ctxt) throws JasperException {

        InputStream is = null;

        try {
            is = ctxt.getResourceAsStream(WEB_XML);
            if (is == null) {
                // no web.xml
                return;
            }

            ParserUtils pu = new ParserUtils();
            TreeNode webApp = pu.parseXMLDocument(WEB_XML, is);
            if (webApp == null
                    || !"2.4".equals(webApp.findAttribute("version"))) {
                defaultIsELIgnored = "true";
                return;
            }

As such, when the documentBuilder finds a partial external entity,
like <!ENTITY base      SYSTEM "base.xml">, it has no idea of its root
location, so it considers it a file and gives it a dummy base
location.

What could be done is to use ctxt.getResourceAsStream() after
cleaning the systemId reference of any file:// reference (i.e.
file:///C:/eclipse3/base.xml => WEB-INF/base.xml).

Remy, do you agree with this, since this way we stay independent of
whether we are on a file system or something else?

Regards
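
The mapping proposed in the message above, as an added Java example that is not part of the original post or of Tomcat's code. The `contextResolver` helper is hypothetical, a `Function<String, InputStream>` stands in for `ctxt.getResourceAsStream`, and the example goes beyond the post by rejecting any entity that is not a `file:` URL or is missing from `WEB-INF/`, so the parser never falls back to opening the systemId itself.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.function.Function;
import javax.xml.parsers.*;
import org.xml.sax.*;

public class ContextEntityResolverDemo {
    // Hypothetical helper: serve SYSTEM entities only from the webapp's WEB-INF/.
    static EntityResolver contextResolver(Function<String, InputStream> loader) {
        return (publicId, systemId) -> {
            String path = null;
            try { // only the file: URL built from the parser's dummy base is accepted
                URI uri = URI.create(systemId);
                if ("file".equals(uri.getScheme())) path = uri.getPath();
            } catch (RuntimeException e) { /* null or malformed systemId: path stays null */ }
            if (path == null) throw new SAXException("Refusing entity " + systemId);
            // file:///C:/eclipse3/base.xml => /WEB-INF/base.xml (last path segment only)
            String name = path.substring(path.lastIndexOf('/') + 1);
            InputStream in = name.isEmpty() ? null : loader.apply("/WEB-INF/" + name);
            // Never return null here: the parser would then open systemId itself.
            if (in == null) throw new SAXException("No context resource for " + systemId);
            return new InputSource(in);
        };
    }
    static String parse(String xml, Function<String, InputStream> loader) throws Exception {
        DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        db.setEntityResolver(contextResolver(loader));
        // The stream carries no systemId, which is the situation the post describes.
        InputStream is = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
        return db.parse(is).getDocumentElement().getTextContent();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample data standing in for the webapp's resources.
        Map<String, String> res = Map.of("/WEB-INF/base.xml", "<display-name>demo</display-name>");
        Function<String, InputStream> loader = p -> res.containsKey(p)
                ? new ByteArrayInputStream(res.get(p).getBytes(StandardCharsets.UTF_8)) : null;
        String head = "<!DOCTYPE web-app [<!ENTITY base SYSTEM \"%s\">]>";
        String body = "<web-app version=\"2.4\">&base;</web-app>";
        System.out.println(parse(String.format(head, "base.xml") + body, loader));
        try { parse(String.format(head, "http://example.invalid/x.xml") + body, loader); }
        catch (SAXException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Keeping only the last path segment means entities in subdirectories of `WEB-INF/` are not found; it also means a `../` sequence in the systemId cannot reach outside that directory.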
