You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/04/29 15:19:00 UTC

[jira] [Resolved] (CXF-8273) Remove static methods from StaxUtils to restrict XML level/count

     [ https://issues.apache.org/jira/browse/CXF-8273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved CXF-8273.
--------------------------------------
    Resolution: Fixed

> Remove static methods from StaxUtils to restrict XML level/count
> ----------------------------------------------------------------
>
>                 Key: CXF-8273
>                 URL: https://issues.apache.org/jira/browse/CXF-8273
>             Project: CXF
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 3.4.0
>
>
> This task is to remove static methods from StaxUtils to restrict XML level/count:
>  
> {code:java}
> -    public static void setInnerElementLevelThreshold(int i) {
> -        innerElementLevelThreshold = i != -1 ? i : 500;
> -        setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxElementDepth", innerElementLevelThreshold);
> -    }
> -    public static void setInnerElementCountThreshold(int i) {
> -        innerElementCountThreshold = i != -1 ? i : 50000;
> -        setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxChildrenPerElement", innerElementCountThreshold);
> -    }
> {code}
> These methods are problematic as they only set the property on the SAFE_INPUT_FACTORY and not on any of the instances that might already be stored in the NS_AWARE_INPUT_FACTORY_POOL. Instead, set the system properties to customize how we restrict XML.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)