You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tika.apache.org by ju...@apache.org on 2009/09/06 11:30:44 UTC
svn commit: r811785 -
/lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/xml/XMLParser.java
Author: jukka
Date: Sun Sep 6 09:30:43 2009
New Revision: 811785
URL: http://svn.apache.org/viewvc?rev=811785&view=rev
Log:
TIKA-217: secure-processing not supported by some JAXP implementations
Add the workaround also to XMLParser
Modified:
lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/xml/XMLParser.java
Modified: lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/xml/XMLParser.java
URL: http://svn.apache.org/viewvc/lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/xml/XMLParser.java?rev=811785&r1=811784&r2=811785&view=diff
==============================================================================
--- lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/xml/XMLParser.java (original)
+++ lucene/tika/trunk/tika-parsers/src/main/java/org/apache/tika/parser/xml/XMLParser.java Sun Sep 6 09:30:43 2009
@@ -33,6 +33,7 @@
import org.apache.tika.sax.XHTMLContentHandler;
import org.xml.sax.ContentHandler;
import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
/**
* XML parser
@@ -54,7 +55,15 @@
try {
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setNamespaceAware(true);
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ try {
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (SAXNotRecognizedException e) {
+ // TIKA-271: Some XML parsers do not support the secure-processing
+ // feature, even though it's required by JAXP in Java 5. Ignoring
+ // the exception is fine here, deployments without this feature
+ // are inherently vulnerable to XML denial-of-service attacks.
+ }
+
SAXParser parser = factory.newSAXParser();
parser.parse(
new CloseShieldInputStream(stream),