You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by ti...@apache.org on 2016/04/17 11:30:52 UTC
svn commit: r1739563 - in /pdfbox/trunk:
pdfbox/src/main/java/org/apache/pdfbox/pdmodel/fdf/XMLUtil.java
pdfbox/src/main/java/org/apache/pdfbox/pdmodel/interactive/form/PDXFAResource.java
xmpbox/src/main/java/org/apache/xmpbox/xml/DomXmpParser.java
Author: tilman
Date: Sun Apr 17 09:30:52 2016
New Revision: 1739563
URL: http://svn.apache.org/viewvc?rev=1739563&view=rev
Log:
PDFBOX-2852: improve factory config
Modified:
pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/fdf/XMLUtil.java
pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/interactive/form/PDXFAResource.java
pdfbox/trunk/xmpbox/src/main/java/org/apache/xmpbox/xml/DomXmpParser.java
Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/fdf/XMLUtil.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/fdf/XMLUtil.java?rev=1739563&r1=1739562&r2=1739563&view=diff
==============================================================================
--- pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/fdf/XMLUtil.java (original)
+++ pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/fdf/XMLUtil.java Sun Apr 17 09:30:52 2016
@@ -58,6 +58,12 @@ final class XMLUtil
try
{
DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
+ builderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ builderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ builderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ builderFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ builderFactory.setXIncludeAware(false);
+ builderFactory.setExpandEntityReferences(false);
DocumentBuilder builder = builderFactory.newDocumentBuilder();
return builder.parse(is);
}
Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/interactive/form/PDXFAResource.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/interactive/form/PDXFAResource.java?rev=1739563&r1=1739562&r2=1739563&view=diff
==============================================================================
--- pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/interactive/form/PDXFAResource.java (original)
+++ pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/interactive/form/PDXFAResource.java Sun Apr 17 09:30:52 2016
@@ -150,6 +150,12 @@ public final class PDXFAResource impleme
public Document getDocument() throws ParserConfigurationException, SAXException, IOException
{
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ factory.setXIncludeAware(false);
+ factory.setExpandEntityReferences(false);
factory.setNamespaceAware(true);
DocumentBuilder builder = factory.newDocumentBuilder();
return builder.parse(new ByteArrayInputStream(this.getBytes()));
Modified: pdfbox/trunk/xmpbox/src/main/java/org/apache/xmpbox/xml/DomXmpParser.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/xmpbox/src/main/java/org/apache/xmpbox/xml/DomXmpParser.java?rev=1739563&r1=1739562&r2=1739563&view=diff
==============================================================================
--- pdfbox/trunk/xmpbox/src/main/java/org/apache/xmpbox/xml/DomXmpParser.java (original)
+++ pdfbox/trunk/xmpbox/src/main/java/org/apache/xmpbox/xml/DomXmpParser.java Sun Apr 17 09:30:52 2016
@@ -78,6 +78,12 @@ public class DomXmpParser
try
{
DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+ dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ dbFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ dbFactory.setXIncludeAware(false);
+ dbFactory.setExpandEntityReferences(false);
dbFactory.setNamespaceAware(true);
dBuilder = dbFactory.newDocumentBuilder();
nsFinder = new NamespaceFinder();
@@ -86,7 +92,6 @@ public class DomXmpParser
{
throw new XmpParsingException(ErrorType.Configuration, "Failed to initilalize", e);
}
-
}
public boolean isStrictParsing()