You are viewing a plain text version of this content. The canonical link for it is here.
Posted to j-users@xerces.apache.org by Behrang Saeedzadeh <be...@gmail.com> on 2017/12/23 23:02:55 UTC
How to programmatically disable the TOTAL_ENTITY_SIZE_LIMIT limit?
Hi
JDK is using Xerces by default for StAX and some other XML related APIs.
This implementation
uses com.sun.org.apache.xerces.internal.utils.XMLSecurityManager as the XML
security manager and has a limit
of com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit#TOTAL_ENTITY_SIZE_LIMIT
(5,000,000) enabled by default.
Is there a way to programmatically disable this limit when using StAX?
For example, when creating an XMLInputFactory and XMLEventReader:
final XMLInputFactory inputFactory = XMLInputFactory.newInstance();
final XMLEventReader eventReader =
inputFactory.createXMLEventReader(inputStream);
Best regards,
Behrang Saeedzadeh
Re: How to programmatically disable the TOTAL_ENTITY_SIZE_LIMIT limit?
Posted by Michael Glavassevich <mr...@ca.ibm.com>.
Xerces does not have an implementation of
javax.xml.stream.XMLStreamReader. It seems that you are using Oracle's
JAXP implementation. You're more likely to get a helpful answer on one of
their forums.
Thanks.
Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrglavas@ca.ibm.com
E-mail: mrglavas@apache.org
Behrang Saeedzadeh <be...@gmail.com> wrote on 12/23/2017 06:20:09 PM:
> Apparently it can be disabled globally using the
> "jdk.xml.totalEntitySizeLimit":
> System.setProperty("jdk.xml.totalEntitySizeLimit", "0");
> But I was wondering if it can be disabled on a given XMLEventReader
> or javax.xml.stream.XMLStreamReader?
>
> Best regards,
> Behrang Saeedzadeh
>
> On 24 December 2017 at 10:02, Behrang Saeedzadeh <be...@gmail.com>
wrote:
> Hi
>
> JDK is using Xerces by default for StAX and some other XML related APIs.
>
> This implementation
> uses com.sun.org.apache.xerces.internal.utils.XMLSecurityManager as
> the XML security manager and has a limit
>
of com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit#TOTAL_ENTITY_SIZE_LIMIT
> (5,000,000) enabled by default.
>
> Is there a way to programmatically disable this limit when using StAX?
>
> For example, when creating an XMLInputFactory and XMLEventReader:
>
> final XMLInputFactory inputFactory = XMLInputFactory.newInstance();
> final XMLEventReader eventReader = inputFactory.createXMLEventReader
> (inputStream);
>
> Best regards,
> Behrang Saeedzadeh
Re: How to programmatically disable the TOTAL_ENTITY_SIZE_LIMIT limit?
Posted by Behrang Saeedzadeh <be...@gmail.com>.
Apparently it can be disabled globally using the
"jdk.xml.totalEntitySizeLimit":
System.setProperty("jdk.xml.totalEntitySizeLimit", "0");
But I was wondering if it can be disabled on a given XMLEventReader or
javax.xml.stream.XMLStreamReader?
Best regards,
Behrang Saeedzadeh
On 24 December 2017 at 10:02, Behrang Saeedzadeh <be...@gmail.com>
wrote:
> Hi
>
> JDK is using Xerces by default for StAX and some other XML related APIs.
>
> This implementation uses com.sun.org.apache.xerces.internal.utils.XMLSecurityManager
> as the XML security manager and has a limit of com.sun.org.apache.xerces.
> internal.utils.XMLSecurityManager.Limit#TOTAL_ENTITY_SIZE_LIMIT
> (5,000,000) enabled by default.
>
> Is there a way to programmatically disable this limit when using StAX?
>
> For example, when creating an XMLInputFactory and XMLEventReader:
>
> final XMLInputFactory inputFactory = XMLInputFactory.newInstance();
>
> final XMLEventReader eventReader = inputFactory.createXMLEventReader(inputStream);
>
>
>
> Best regards,
> Behrang Saeedzadeh
>