stevedlawrence commented on a change in pull request #560:
URL: https://github.com/apache/daffodil/pull/560#discussion_r637947212
##########
File path:
daffodil-runtime1/src/main/scala/org/apache/daffodil/processors/DataProcessor.scala
##########
@@ -347,7 +346,11 @@ class DataProcessor private (
override def getDiagnostics = ssrd.diagnostics
- override def newXMLReaderInstance: DFDL.DaffodilParseXMLReader = new
DaffodilParseXMLReader(this)
+ override def newXMLReaderInstance: DFDL.DaffodilParseXMLReader = {
+ val xrdr = new DaffodilParseXMLReader(this)
+ XMLUtils.setSecureDefaults(xrdr)
Review comment:
I'd argue that calling setSecureDefaults is no one's responsiblity,
including ours. So a factory just adds extra API complexity. The
DaffodilXMLReader doesn't actually read XML (only implements the XMLReader
API)--there are no concerns about reading XML securely, so no one, including
us, ever needs to set it in a secure mode.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
