You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/04/29 13:41:00 UTC

[jira] [Created] (CXF-8273) Remove static methods from StaxUtils to restrict XML level/count

Colm O hEigeartaigh created CXF-8273:
----------------------------------------

             Summary: Remove static methods from StaxUtils to restrict XML level/count
                 Key: CXF-8273
                 URL: https://issues.apache.org/jira/browse/CXF-8273
             Project: CXF
          Issue Type: Improvement
            Reporter: Colm O hEigeartaigh
            Assignee: Colm O hEigeartaigh
             Fix For: 3.4.0


This task is to remove static methods from StaxUtils to restrict XML level/count:

 
{code:java}
-    public static void setInnerElementLevelThreshold(int i) {
-        innerElementLevelThreshold = i != -1 ? i : 500;
-        setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxElementDepth", innerElementLevelThreshold);
-    }
-    public static void setInnerElementCountThreshold(int i) {
-        innerElementCountThreshold = i != -1 ? i : 50000;
-        setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxChildrenPerElement", innerElementCountThreshold);
-    }
{code}
These methods are problematic as they only set the property on the SAFE_INPUT_FACTORY and not on any of the instances that might already be stored in the NS_AWARE_INPUT_FACTORY_POOL. Instead, set the system properties to customize how we restrict XML.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)