You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/03/08 12:16:45 UTC
[cxf] branch master updated: Adding the secure processing feature
in a few more places
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 6ea2fa6 Adding the secure processing feature in a few more places
6ea2fa6 is described below
commit 6ea2fa690b4b75d340919b2cac1cda3a93cd1bb5
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Mar 8 12:16:28 2018 +0000
Adding the secure processing feature in a few more places
---
core/src/main/java/org/apache/cxf/helpers/DOMUtils.java | 2 ++
.../src/main/java/org/apache/cxf/aegis/type/XMLTypeCreator.java | 5 +++++
2 files changed, 7 insertions(+)
diff --git a/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java b/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
index a8da819..5b79367 100644
--- a/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
+++ b/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
@@ -99,6 +99,7 @@ public final class DOMUtils {
DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
f.setNamespaceAware(true);
f.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
return f.newDocumentBuilder();
}
DocumentBuilder factory = DOCUMENT_BUILDERS.get(loader);
@@ -106,6 +107,7 @@ public final class DOMUtils {
DocumentBuilderFactory f2 = DocumentBuilderFactory.newInstance();
f2.setNamespaceAware(true);
f2.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ f2.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory = f2.newDocumentBuilder();
DOCUMENT_BUILDERS.put(loader, factory);
}
diff --git a/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/XMLTypeCreator.java b/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/XMLTypeCreator.java
index f9d1ff5..a9de412 100644
--- a/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/XMLTypeCreator.java
+++ b/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/XMLTypeCreator.java
@@ -115,6 +115,11 @@ public class XMLTypeCreator extends AbstractTypeCreator {
static {
AEGIS_DOCUMENT_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
AEGIS_DOCUMENT_BUILDER_FACTORY.setNamespaceAware(true);
+ try {
+ AEGIS_DOCUMENT_BUILDER_FACTORY.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (javax.xml.parsers.ParserConfigurationException ex) {
+ // ignore
+ }
String path = "/META-INF/cxf/aegis.xsd";
InputStream is = XMLTypeCreator.class.getResourceAsStream(path);
--
To stop receiving notification emails like this one, please contact
coheigea@apache.org.