You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/04/29 13:41:00 UTC
[jira] [Created] (CXF-8273) Remove static methods from StaxUtils to
restrict XML level/count
Colm O hEigeartaigh created CXF-8273:
----------------------------------------
Summary: Remove static methods from StaxUtils to restrict XML level/count
Key: CXF-8273
URL: https://issues.apache.org/jira/browse/CXF-8273
Project: CXF
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 3.4.0
This task is to remove static methods from StaxUtils to restrict XML level/count:
{code:java}
- public static void setInnerElementLevelThreshold(int i) {
- innerElementLevelThreshold = i != -1 ? i : 500;
- setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxElementDepth", innerElementLevelThreshold);
- }
- public static void setInnerElementCountThreshold(int i) {
- innerElementCountThreshold = i != -1 ? i : 50000;
- setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxChildrenPerElement", innerElementCountThreshold);
- }
{code}
These methods are problematic as they only set the property on the SAFE_INPUT_FACTORY and not on any of the instances that might already be stored in the NS_AWARE_INPUT_FACTORY_POOL. Instead, set the system properties to customize how we restrict XML.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)