Posted to commits@camel.apache.org by co...@apache.org on 2019/10/11 09:38:31 UTC
[camel] branch camel-2.x updated: Disable external entities for
schematron component
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch camel-2.x
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/camel-2.x by this push:
new 85043c3 Disable external entities for schematron component
85043c3 is described below
commit 85043c375d22f151e41aaa0a5f51ee1cf88a9300
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Oct 11 10:37:17 2019 +0100
Disable external entities for schematron component
---
.../schematron/processor/SchematronProcessorFactory.java | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java b/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java
index 13f146e..1f098da 100644
--- a/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java
+++ b/components/camel-schematron/src/main/java/org/apache/camel/component/schematron/processor/SchematronProcessorFactory.java
@@ -69,7 +69,15 @@ public final class SchematronProcessorFactory {
*/
private static XMLReader getXMLReader() throws ParserConfigurationException, SAXException {
final SAXParserFactory fac = SAXParserFactory.newInstance();
- fac.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+ try {
+ fac.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+ fac.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ fac.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ fac.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ } catch (ParserConfigurationException | SAXException ex) {
+ // LOG.debug("Error setting feature on parser: " +
+ // ex.getMessage());
+ }
fac.setValidating(false);
final SAXParser parser = fac.newSAXParser();
XMLReader reader = parser.getXMLReader();
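Review bot: The empty `catch (ParserConfigurationException | SAXException ex)` around the four `setFeature` calls makes the hardening fail open: if any call throws, the later ones are skipped and the factory is still used with whatever defaults remain, with no log entry because the `LOG.debug` is commented out. Before this change a failure to set `FEATURE_SECURE_PROCESSING` propagated through the method's existing `throws ParserConfigurationException, SAXException` clause; now that failure is swallowed too. I would leave the secure-processing flag and the two standard `http://xml.org/sax/features/external-*-entities` calls outside the `try` so a parser that cannot honour them is rejected, and keep a catch only around the implementation-specific `load-external-dtd` feature, with a real warning log instead of the commented-out line. The fully qualified `javax.xml.XMLConstants` also looks unnecessary, since the removed line used the imported `XMLConstants`. The body of `getXMLReader()` continues past the end of the hunk, so how the reader is configured afterwards is not visible here.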