Posted to dev@xalan.apache.org by Mukul Gandhi <mu...@apache.org> on 2022/09/17 13:04:44 UTC

Re: Any more word on patch of xalan-2.7.2 to resolve CVE-2022-34169

Hi James,

On Tue, Aug 16, 2022 at 11:20 PM James Allen <ja...@gmail.com> wrote:

> I tried to remove the xalan jar from the classpath and use the basic internal JDK version with Java 8 or Java 11, but found our use of an internal java.util.Hashtable to store and retrieve values stopped working. Example: (xmlns:myhash="xalan://java.util.Hashtable").
> xsl:variable MYHASH to declare one with myhash:new(),
> then myhash:put and myhash:get etc. caused no errors, but the value put in could not be retrieved later with get.

The following is an example I tried today, using a Java Hashtable via
an XSLT stylesheet processed by Xalan.

XML input document:

<map>
  <entry>
    <key>1</key>
    <value>a</value>
  </entry>
  <entry>
    <key>2</key>
    <value>b</value>
  </entry>
  <entry>
    <key>3</key>
    <value>c</value>
  </entry>
  <entry>
    <key>4</key>
    <value>d</value>
  </entry>
</map>

The Java extension utility that I use to store the above XML map data
within a JVM Hashtable:

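import java.util.Hashtable;
import org.w3c.dom.NodeList;
import org.w3c.dom.Node;

// Extension utility called from the XSLT stylesheet through the
// Xalan Java extension namespace.
public class HashtableUtil {

   // Static, so the same table is seen by every extension call
   private static final Hashtable<String, String> hashTable =
                                      new Hashtable<String, String>();

   // Stores the key/value pair of each <entry> element in the Hashtable
   public static void populateHashTable(NodeList mapEntries) {
      for (int idx = 0; idx < mapEntries.getLength(); idx++) {
         String key = findKeyFromXmlMapItem(mapEntries.item(idx));
         String value = findValueFromXmlMapItem(mapEntries.item(idx));
         hashTable.put(key, value);
      }
   }

   // Returns the stored value for the key, or null if there is none
   public static String getValueFromMap(String key) {
      return hashTable.get(key);
   }

   // Returns the text of the <key> child of an <entry> element
   private static String findKeyFromXmlMapItem(Node node) {
      String key = "";

      NodeList nodeList = node.getChildNodes();
      for (int idx = 0; idx < nodeList.getLength(); idx++) {
         Node nodeChild = nodeList.item(idx);
         if (nodeChild.getNodeType() == Node.ELEMENT_NODE
                           && "key".equals(nodeChild.getNodeName())) {
            // An empty <key/> has no text child; keep "" in that case
            if (nodeChild.getFirstChild() != null) {
               key = nodeChild.getFirstChild().getNodeValue();
            }
            break;
         }
      }

      return key;
   }

   // Returns the text of the <value> child of an <entry> element
   private static String findValueFromXmlMapItem(Node node) {
      String value = "";

      NodeList nodeList = node.getChildNodes();
      for (int idx = 0; idx < nodeList.getLength(); idx++) {
         Node nodeChild = nodeList.item(idx);
         if (nodeChild.getNodeType() == Node.ELEMENT_NODE
                           && "value".equals(nodeChild.getNodeName())) {
            // An empty <value/> has no text child; keep "" in that case
            if (nodeChild.getFirstChild() != null) {
               value = nodeChild.getFirstChild().getNodeValue();
            }
            break;
         }
      }

      return value;
   }

}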

The XSLT stylesheet that I've used to tie both of the above together
(i.e., using the above-mentioned XML map data and the Java extension
utility):

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
                         xmlns:java="http://xml.apache.org/xalan/java"
                         exclude-result-prefixes="java"
                         version="1.0">

   <xsl:output method="text"/>

   <xsl:template match="/">
     <xsl:variable name="populateHashtableAction" select="java:HashtableUtil.populateHashTable(map/entry)"/>
     <xsl:for-each select="map/entry">
       <xsl:value-of select="key"/> => <xsl:value-of select="java:HashtableUtil.getValueFromMap(key)"/><xsl:text>&#xa;</xsl:text>
     </xsl:for-each>
   </xsl:template>

</xsl:stylesheet>

The above XSLT stylesheet, when run, produces the following output:

1 => a
2 => b
3 => c
4 => d


-- 
Regards,
Mukul Gandhi
