You are viewing a plain text version of this content. The canonical link for it is here.
Posted to batik-commits@xmlgraphics.apache.org by ss...@apache.org on 2022/11/03 16:01:27 UTC
svn commit: r1905050 - in /xmlgraphics/batik/trunk: batik-bridge/src/main/java/org/apache/batik/bridge/UserAgentAdapter.java batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java
Author: ssteiner
Date: Thu Nov 3 16:01:27 2022
New Revision: 1905050
URL: http://svn.apache.org/viewvc?rev=1905050&view=rev
Log:
BATIK-1349: Block loading external resource by default
Modified:
xmlgraphics/batik/trunk/batik-bridge/src/main/java/org/apache/batik/bridge/UserAgentAdapter.java
xmlgraphics/batik/trunk/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java
Modified: xmlgraphics/batik/trunk/batik-bridge/src/main/java/org/apache/batik/bridge/UserAgentAdapter.java
URL: http://svn.apache.org/viewvc/xmlgraphics/batik/trunk/batik-bridge/src/main/java/org/apache/batik/bridge/UserAgentAdapter.java?rev=1905050&r1=1905049&r2=1905050&view=diff
==============================================================================
--- xmlgraphics/batik/trunk/batik-bridge/src/main/java/org/apache/batik/bridge/UserAgentAdapter.java (original)
+++ xmlgraphics/batik/trunk/batik-bridge/src/main/java/org/apache/batik/bridge/UserAgentAdapter.java Thu Nov 3 16:01:27 2022
@@ -362,7 +362,7 @@ public class UserAgentAdapter implements
public ExternalResourceSecurity
getExternalResourceSecurity(ParsedURL resourceURL,
ParsedURL docURL) {
- return new RelaxedExternalResourceSecurity(resourceURL, docURL);
+ return new DefaultExternalResourceSecurity(resourceURL, docURL);
}
/**
Modified: xmlgraphics/batik/trunk/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java
URL: http://svn.apache.org/viewvc/xmlgraphics/batik/trunk/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java?rev=1905050&r1=1905049&r2=1905050&view=diff
==============================================================================
--- xmlgraphics/batik/trunk/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java (original)
+++ xmlgraphics/batik/trunk/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java Thu Nov 3 16:01:27 2022
@@ -32,11 +32,11 @@ import org.apache.batik.anim.dom.SVGOMDo
import org.apache.batik.bridge.BaseScriptingEnvironment;
import org.apache.batik.bridge.BridgeContext;
import org.apache.batik.bridge.BridgeException;
-import org.apache.batik.bridge.DefaultExternalResourceSecurity;
import org.apache.batik.bridge.DefaultScriptSecurity;
import org.apache.batik.bridge.ExternalResourceSecurity;
import org.apache.batik.bridge.GVTBuilder;
import org.apache.batik.bridge.NoLoadScriptSecurity;
+import org.apache.batik.bridge.RelaxedExternalResourceSecurity;
import org.apache.batik.bridge.RelaxedScriptSecurity;
import org.apache.batik.bridge.SVGUtilities;
import org.apache.batik.bridge.ScriptSecurity;
@@ -1116,9 +1116,9 @@ public abstract class SVGAbstractTransco
public ExternalResourceSecurity getExternalResourceSecurity(ParsedURL resourceURL, ParsedURL docURL) {
if (isAllowExternalResources()) {
- return super.getExternalResourceSecurity(resourceURL, docURL);
+ return new RelaxedExternalResourceSecurity(resourceURL, docURL);
}
- return new DefaultExternalResourceSecurity(resourceURL, docURL);
+ return super.getExternalResourceSecurity(resourceURL, docURL);
}
public boolean isAllowExternalResources() {