You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by co...@apache.org on 2015/07/01 15:42:35 UTC

svn commit: r1688652 - /santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java

Author: coheigea
Date: Wed Jul  1 13:42:34 2015
New Revision: 1688652

URL: http://svn.apache.org/r1688652
Log:
Add secure processing to an XPathFactory instance

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java?rev=1688652&r1=1688651&r2=1688652&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/config/XIncludeHandler.java Wed Jul  1 13:42:34 2015
@@ -28,6 +28,7 @@ import org.xml.sax.*;
 import org.xml.sax.helpers.DefaultHandler;
 import org.xml.sax.helpers.XMLReaderFactory;
 
+import javax.xml.XMLConstants;
 import javax.xml.namespace.NamespaceContext;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerConfigurationException;
@@ -42,6 +43,7 @@ import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
+import javax.xml.xpath.XPathFactoryConfigurationException;
 
 import java.io.IOException;
 import java.net.MalformedURLException;
@@ -251,6 +253,11 @@ public class XIncludeHandler extends Def
         xPointerSchemeIndex += xPointerSchemeString.length();
         int xPointerSchemeEndIndex = this.findBalancedEndIndex(xpointer, xPointerSchemeIndex, '(', ')');
         XPathFactory xPathFactory = XPathFactory.newInstance();
+        try {
+            xPathFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+        } catch (XPathFactoryConfigurationException ex) {
+            throw new SAXException(ex);
+        }
         XPath xPath = xPathFactory.newXPath();
 
         int xmlnsSchemeIndex = xpointer.indexOf(xmlnsSchemeString);