svn commit: r1847112 - in /webservices/xmlschema/trunk: xmlschema-core/src/main/java/org/apache/ws/commons/schema/ xmlschema-walker/src/main/java/org/apache/ws/commons/schema/docpath/

coheigea Wed, 21 Nov 2018 06:50:14 -0800

Author: coheigea
Date: Wed Nov 21 14:49:50 2018
New Revision: 1847112

URL: http://svn.apache.org/viewvc?rev=1847112&view=rev
Log:
Set secure processing feature and disallow doctypes


Modified:
    
webservices/xmlschema/trunk/xmlschema-core/src/main/java/org/apache/ws/commons/schema/XmlSchemaCollection.java
    
webservices/xmlschema/trunk/xmlschema-core/src/main/java/org/apache/ws/commons/schema/XmlSchemaSerializer.java
    
webservices/xmlschema/trunk/xmlschema-walker/src/main/java/org/apache/ws/commons/schema/docpath/DomBuilderFromSax.java

Modified: 
webservices/xmlschema/trunk/xmlschema-core/src/main/java/org/apache/ws/commons/schema/XmlSchemaCollection.java
URL: 
http://svn.apache.org/viewvc/webservices/xmlschema/trunk/xmlschema-core/src/main/java/org/apache/ws/commons/schema/XmlSchemaCollection.java?rev=1847112&r1=1847111&r2=1847112&view=diff
==============================================================================
--- 
webservices/xmlschema/trunk/xmlschema-core/src/main/java/org/apache/ws/commons/schema/XmlSchemaCollection.java
 (original)
+++ 
webservices/xmlschema/trunk/xmlschema-core/src/main/java/org/apache/ws/commons/schema/XmlSchemaCollection.java
 Wed Nov 21 14:49:50 2018
@@ -33,6 +33,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Stack;
 
+import javax.xml.XMLConstants;
 import javax.xml.namespace.QName;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -707,6 +708,8 @@ public final class XmlSchemaCollection {
     XmlSchema read(InputSource inputSource, TargetNamespaceValidator 
namespaceValidator) {
         try {
             DocumentBuilderFactory docFac = 
DocumentBuilderFactory.newInstance();
+            docFac.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+            
docFac.setFeature("http://apache.org/xml/features/disallow-doctype-decl";, true);
             docFac.setNamespaceAware(true);
             final DocumentBuilder builder = docFac.newDocumentBuilder();
             Document doc = null;

Modified: 
webservices/xmlschema/trunk/xmlschema-core/src/main/java/org/apache/ws/commons/schema/XmlSchemaSerializer.java
URL: 
http://svn.apache.org/viewvc/webservices/xmlschema/trunk/xmlschema-core/src/main/java/org/apache/ws/commons/schema/XmlSchemaSerializer.java?rev=1847112&r1=1847111&r2=1847112&view=diff
==============================================================================
--- 
webservices/xmlschema/trunk/xmlschema-core/src/main/java/org/apache/ws/commons/schema/XmlSchemaSerializer.java
 (original)
+++ 
webservices/xmlschema/trunk/xmlschema-core/src/main/java/org/apache/ws/commons/schema/XmlSchemaSerializer.java
 Wed Nov 21 14:49:50 2018
@@ -1548,6 +1548,9 @@ public class XmlSchemaSerializer {
         Document serializedSchemaDocs;
         try {
             DocumentBuilderFactory docFac = 
DocumentBuilderFactory.newInstance();
+            docFac.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+            
docFac.setFeature("http://apache.org/xml/features/disallow-doctype-decl";, true);
+
             docFac.setNamespaceAware(true);
             DocumentBuilder builder = docFac.newDocumentBuilder();
             serializedSchemaDocs = builder.newDocument();

Modified: 
webservices/xmlschema/trunk/xmlschema-walker/src/main/java/org/apache/ws/commons/schema/docpath/DomBuilderFromSax.java
URL: 
http://svn.apache.org/viewvc/webservices/xmlschema/trunk/xmlschema-walker/src/main/java/org/apache/ws/commons/schema/docpath/DomBuilderFromSax.java?rev=1847112&r1=1847111&r2=1847112&view=diff
==============================================================================
--- 
webservices/xmlschema/trunk/xmlschema-walker/src/main/java/org/apache/ws/commons/schema/docpath/DomBuilderFromSax.java
 (original)
+++ 
webservices/xmlschema/trunk/xmlschema-walker/src/main/java/org/apache/ws/commons/schema/docpath/DomBuilderFromSax.java
 Wed Nov 21 14:49:50 2018
@@ -25,6 +25,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.xml.XMLConstants;
 import javax.xml.namespace.QName;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -77,6 +78,8 @@ public final class DomBuilderFromSax ext
         }
 
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+        
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl";, 
true);
         factory.setNamespaceAware(true);
 
         docBuilder = factory.newDocumentBuilder();

svn commit: r1847112 - in /webservices/xmlschema/trunk: xmlschema-core/src/main/java/org/apache/ws/commons/schema/ xmlschema-walker/src/main/java/org/apache/ws/commons/schema/docpath/

Reply via email to