You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/04/29 15:19:00 UTC
[jira] [Resolved] (CXF-8273) Remove static methods from StaxUtils
to restrict XML level/count
[ https://issues.apache.org/jira/browse/CXF-8273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved CXF-8273.
--------------------------------------
Resolution: Fixed
> Remove static methods from StaxUtils to restrict XML level/count
> ----------------------------------------------------------------
>
> Key: CXF-8273
> URL: https://issues.apache.org/jira/browse/CXF-8273
> Project: CXF
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 3.4.0
>
>
> This task is to remove static methods from StaxUtils to restrict XML level/count:
>
> {code:java}
> - public static void setInnerElementLevelThreshold(int i) {
> - innerElementLevelThreshold = i != -1 ? i : 500;
> - setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxElementDepth", innerElementLevelThreshold);
> - }
> - public static void setInnerElementCountThreshold(int i) {
> - innerElementCountThreshold = i != -1 ? i : 50000;
> - setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxChildrenPerElement", innerElementCountThreshold);
> - }
> {code}
> These methods are problematic as they only set the property on the SAFE_INPUT_FACTORY and not on any of the instances that might already be stored in the NS_AWARE_INPUT_FACTORY_POOL. Instead, set the system properties to customize how we restrict XML.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)