You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@xalan.apache.org by "Brian Minchau (JIRA)" <xa...@xml.apache.org> on 2005/07/15 00:58:18 UTC

[jira] Updated: (XALANJ-2136) JAXP 1.3: support the secure processing feature

     [ http://issues.apache.org/jira/browse/XALANJ-2136?page=all ]

Brian Minchau updated XALANJ-2136:
----------------------------------

    reviewer: ilene@ca.ibm.com

> JAXP 1.3: support the secure processing feature
> -----------------------------------------------
>
>          Key: XALANJ-2136
>          URL: http://issues.apache.org/jira/browse/XALANJ-2136
>      Project: XalanJ2
>         Type: Bug
>   Components: JAXP
>     Versions: CurrentCVS
>     Reporter: Morris Kwan
>     Assignee: Morris Kwan
>      Fix For: CurrentCVS
>  Attachments: secure_processing_feature_xalan.patch, secure_processing_feature_xsltc.patch
>
> In JAXP 1.3, the TransformerFactory.setFeature() method must support the secure processing feature. The following paragraph is taken from the javadocs of the TransformerFactory.setFeature() method:
> All implementations are required to support the XMLConstants.FEATURE_SECURE_PROCESSING feature. When the feature is:
> -- true: the implementation will limit XML processing to conform to implementation limits and behave in a secure fashion as defined by the implementation. Examples include resolving user defined style sheets and functions. If XML processing is limited for security reasons, it will be reported via a call to the registered ErrorListener.fatalError(TransformerException exception). See setErrorListener(ErrorListener listener). 
> -- false: the implementation will processing XML according to the XML specifications without regard to possible implementation limits. 
> Sun's contributed JAXP 1.3 implementation only exposes the feature. But it does not use the feature to limit the XML processing behavior. The proposed patch will implement the following restrictions when the secure processing feature is set to true:
> 1. use of extension elements and extension functions are disabled
> 2. the secure processing feature is also passed to all parsers created by the XSLT processor.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: xalan-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xalan-dev-help@xml.apache.org