You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fop-dev@xmlgraphics.apache.org by "Graham Hadden (Jira)" <ji...@apache.org> on 2020/12/02 11:08:00 UTC
[jira] [Created] (FOP-2987) Allow FOP to set Batik
blockExternalResources flag
Graham Hadden created FOP-2987:
----------------------------------
Summary: Allow FOP to set Batik blockExternalResources flag
Key: FOP-2987
URL: https://issues.apache.org/jira/browse/FOP-2987
Project: FOP
Issue Type: New Feature
Components: image/svg
Reporter: Graham Hadden
Batik 1.13+ has a flag blockExternalResources to allow blocking of external resources in the xlink:href of SVGs (see https://issues.apache.org/jira/browse/BATIK-1276).
However, there doesn't seem to be any way to set this flag within FOP which leaves the original SSRF security vulnerability open.
We would like to request that a new feature is added to FOP such that it's possible to set the Batik blockExternalResources flag via config.
Thank you.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)