[jira] [Resolved] (TIKA-3654) Add OfflineContentHandler to XMLReaderUtils.parseSAX

Tim Allison (Jira) Thu, 20 Jan 2022 11:54:05 -0800


     [ 
https://issues.apache.org/jira/browse/TIKA-3654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Tim Allison resolved TIKA-3654.
-------------------------------
    Fix Version/s: 2.2.2
       Resolution: Fixed

> Add OfflineContentHandler to XMLReaderUtils.parseSAX
> ----------------------------------------------------
>
>                 Key: TIKA-3654
>                 URL: https://issues.apache.org/jira/browse/TIKA-3654
>             Project: Tika
>          Issue Type: Improvement
>            Reporter: Tim Allison
>            Priority: Minor
>             Fix For: 2.2.2
>
>
> The OfflineContentHandler is another layer of protection against external 
> entity vulnerabilities.  Parsers are responsible for adding it before calling 
> XMLReaderUtils.parseSAX().  When new parsers come it, devs may not know to 
> add this extra layer.  Let's modify the code in 2.x at least to add the 
> offline contenthandler automatically in XMLReaderUtils.parseSAX().



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Resolved] (TIKA-3654) Add OfflineContentHandler to XMLReaderUtils.parseSAX

Reply via email to