Posted to commits@cxf.apache.org by co...@apache.org on 2018/03/08 14:06:58 UTC
[cxf] branch 3.1.x-fixes updated: Adding the secure processing
feature in a few more places
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.1.x-fixes by this push:
new aa170ad Adding the secure processing feature in a few more places
aa170ad is described below
commit aa170adc05a5020587161e2e43988f3b4f529b2a
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Mar 8 12:16:28 2018 +0000
Adding the secure processing feature in a few more places
---
core/src/main/java/org/apache/cxf/helpers/DOMUtils.java | 2 ++
.../src/main/java/org/apache/cxf/aegis/type/XMLTypeCreator.java | 7 ++++++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java b/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
index 2d4697a..626db9e 100644
--- a/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
+++ b/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
@@ -72,6 +72,7 @@ public final class DOMUtils {
DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
f.setNamespaceAware(true);
f.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
return f.newDocumentBuilder();
}
DocumentBuilder factory = DOCUMENT_BUILDERS.get(loader);
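Review bot: The URI `http://apache.org/xml/features/disallow-doctype-decl` is a Xerces-defined feature rather than a JAXP constant, and it is passed as a bare string literal on `f` here and again on `f2` in the next hunk. A parser implementation that does not recognise it makes `setFeature` throw `ParserConfigurationException`. Nothing visible in either hunk catches that, so builder creation would presumably fail on such a runtime; that is the fail-closed outcome, but it should be a stated decision. I would hoist the string into one constant, `private static final String DISALLOW_DOCTYPE_DECL = "http://apache.org/xml/features/disallow-doctype-decl";`, with a comment saying that builders from this class now reject any document carrying a DOCTYPE, and that this is what blocks DTD-based entity expansion and external entity resolution. The enclosing method starts and ends outside both hunks, so the exception path should be checked against its full body.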
@@ -79,6 +80,7 @@ public final class DOMUtils {
DocumentBuilderFactory f2 = DocumentBuilderFactory.newInstance();
f2.setNamespaceAware(true);
f2.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ f2.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
factory = f2.newDocumentBuilder();
DOCUMENT_BUILDERS.put(loader, factory);
}
diff --git a/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/XMLTypeCreator.java b/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/XMLTypeCreator.java
index d7f69e6..fbe77d3 100644
--- a/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/XMLTypeCreator.java
+++ b/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/XMLTypeCreator.java
@@ -115,7 +115,12 @@ public class XMLTypeCreator extends AbstractTypeCreator {
static {
AEGIS_DOCUMENT_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
AEGIS_DOCUMENT_BUILDER_FACTORY.setNamespaceAware(true);
-
+ try {
+ AEGIS_DOCUMENT_BUILDER_FACTORY.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (javax.xml.parsers.ParserConfigurationException ex) {
+ // ignore
+ }
+
String path = "/META-INF/cxf/aegis.xsd";
InputStream is = XMLTypeCreator.class.getResourceAsStream(path);
if (is != null) {
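Review bot: The `catch` with `// ignore` makes this hardening fail open: if `FEATURE_SECURE_PROCESSING` cannot be set, `AEGIS_DOCUMENT_BUILDER_FACTORY` is still used, without the protection and without any trace in the logs. JAXP requires implementations to support that feature, so the exception signals a broken parser setup and is worth surfacing, for example with `throw new IllegalStateException("Cannot enable secure XML processing for Aegis", ex);`, or at least a warning through the class's logger if it has one. This factory also does not get the `disallow-doctype-decl` feature that the same commit adds in DOMUtils, so DOCTYPE declarations appear to remain accepted here. If that is intentional, a one-line comment saying why would help the next reader. The static initializer continues past the end of the hunk.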