You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fop-dev@xmlgraphics.apache.org by "Greg Janée (Jira)" <ji...@apache.org> on 2022/08/01 05:30:00 UTC

[jira] [Created] (FOP-3086) allow override of http://apache.org/xml/features/disallow-doctype-decl

Greg Janée created FOP-3086:
-------------------------------

             Summary: allow override of http://apache.org/xml/features/disallow-doctype-decl
                 Key: FOP-3086
                 URL: https://issues.apache.org/jira/browse/FOP-3086
             Project: FOP
          Issue Type: Improvement
    Affects Versions: 2.7
            Reporter: Greg Janée


In org.apache.fop.cli.InputHandler.getXMLReader, there is a call that is hard-coded to set SAX feature [http://apache.org/xml/features/disallow-doctype-decl] to true.  This breaks existing implementations (such as mine) that process libraries of templates that contain DOCTYPE declarations.  While I'm sure there was a reason for this change (security against rogue DOCTYPE contents I'm guessing), the risk doesn't apply for implementations that are processing internally-maintained templates and that are not processing templates coming in from the wild.  The request is to make this setting overrideable to false by some kind of FOP configuration parameter or environment variable.  As it is, this completely breaks FOP for my installation, and the only way I've been able to continue to run is to monkey-patch the JAR file.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)