Hi River,

River Tarnell <[EMAIL PROTECTED]> wrote on 05/08/2008 07:56:06 PM:

> i'm writing a server process that transcodes user-supplied SVG images
> to PNG. to do this securely, i need to disable loading of scripts
> and external references. i see that KEY_ALLOWED_SCRIPT_TYPES can be
> used to disable scripting, but how can i disable other external
> references?

You can provide a UserAgent to the BridgeContext that implements 'getExternalResourceSecurity' and 'checkLoadExternalResource' so they throw a security exception appropriately. If you are using the current transcoders you can do this by subclassing the transcoder and overriding the 'createUserAgent' method to return your custom user agent.
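
The approach described in the reply, sketched as an added example that is not part of the original message or of Batik itself: a PNGTranscoder subclass whose user agent refuses every external resource. The class name `LockedDownPNGTranscoder`, the helper `toPng`, and the deny-everything policy are assumptions made for illustration.

```java
import java.io.InputStream;
import java.io.OutputStream;

import org.apache.batik.bridge.ExternalResourceSecurity;
import org.apache.batik.bridge.NoLoadExternalResourceSecurity;
import org.apache.batik.bridge.UserAgent;
import org.apache.batik.transcoder.TranscoderException;
import org.apache.batik.transcoder.TranscoderInput;
import org.apache.batik.transcoder.TranscoderOutput;
import org.apache.batik.transcoder.image.PNGTranscoder;
import org.apache.batik.util.ParsedURL;

/** Hypothetical name: a PNG transcoder for untrusted SVG that loads nothing external. */
public class LockedDownPNGTranscoder extends PNGTranscoder {

    @Override
    protected UserAgent createUserAgent() {
        // Extend the transcoder's own user agent so its hint handling is kept,
        // and replace only the two external-resource decisions.
        return new SVGAbstractTranscoderUserAgent() {
            @Override
            public ExternalResourceSecurity getExternalResourceSecurity(
                    ParsedURL resourceURL, ParsedURL docURL) {
                // Batik's built-in policy object that rejects every resource.
                return new NoLoadExternalResourceSecurity();
            }

            @Override
            public void checkLoadExternalResource(
                    ParsedURL resourceURL, ParsedURL docURL) throws SecurityException {
                // Fail closed: images, stylesheets, <use> targets, etc. are all refused.
                throw new SecurityException("external resource blocked: " + resourceURL);
            }
        };
    }

    /** Transcode untrusted SVG with scripts and external references disabled. */
    public static void toPng(InputStream svg, OutputStream png) throws TranscoderException {
        LockedDownPNGTranscoder t = new LockedDownPNGTranscoder();
        // Empty list of allowed script types, per the hint named in the question.
        t.addTranscodingHint(KEY_ALLOWED_SCRIPT_TYPES, "");
        t.transcode(new TranscoderInput(svg), new TranscoderOutput(png));
    }
}
```

Because the check is unconditional, resources embedded as `data:` URLs are refused as well; a service that needs inline images has to allow that protocol explicitly in `checkLoadExternalResource`.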
