Graham Hadden created FOP-2987:
----------------------------------
Summary: Allow FOP to set Batik blockExternalResources flag
Key: FOP-2987
URL: https://issues.apache.org/jira/browse/FOP-2987
Project: FOP
Issue Type: New Feature
Components: image/svg
Reporter: Graham Hadden
Batik 1.13+ has a flag blockExternalResources to allow blocking of external
resources in the xlink:href of SVGs (see
https://issues.apache.org/jira/browse/BATIK-1276).
However, there doesn't seem to be any way to set this flag within FOP which
leaves the original SSRF security vulnerability open.
We would like to request that a new feature is added to FOP such that it's
possible to set the Batik blockExternalResources flag via config.
Thank you.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
