You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2015/07/01 15:42:35 UTC
svn commit: r1688652 -
/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java
Author: coheigea
Date: Wed Jul 1 13:42:34 2015
New Revision: 1688652
URL: http://svn.apache.org/r1688652
Log:
Add secure processing to an XPathFactory instance
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java?rev=1688652&r1=1688651&r2=1688652&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java Wed Jul 1 13:42:34 2015
@@ -28,6 +28,7 @@ import org.xml.sax.*;
import org.xml.sax.helpers.DefaultHandler;
import org.xml.sax.helpers.XMLReaderFactory;
+import javax.xml.XMLConstants;
import javax.xml.namespace.NamespaceContext;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
@@ -42,6 +43,7 @@ import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
+import javax.xml.xpath.XPathFactoryConfigurationException;
import java.io.IOException;
import java.net.MalformedURLException;
@@ -251,6 +253,11 @@ public class XIncludeHandler extends Def
xPointerSchemeIndex += xPointerSchemeString.length();
int xPointerSchemeEndIndex = this.findBalancedEndIndex(xpointer, xPointerSchemeIndex, '(', ')');
XPathFactory xPathFactory = XPathFactory.newInstance();
+ try {
+ xPathFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+ } catch (XPathFactoryConfigurationException ex) {
+ throw new SAXException(ex);
+ }
XPath xPath = xPathFactory.newXPath();
int xmlnsSchemeIndex = xpointer.indexOf(xmlnsSchemeString);