[ https://issues.apache.org/jira/browse/FOP-3086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17573665#comment-17573665 ]
Simon Steiner commented on FOP-3086:
------------------------------------

What about calling fop by using https://xmlgraphics.apache.org/fop/trunk/embedding.html

> allow override of http://apache.org/xml/features/disallow-doctype-decl
> ----------------------------------------------------------------------
>
> Key: FOP-3086
> URL: https://issues.apache.org/jira/browse/FOP-3086
> Project: FOP
> Issue Type: Improvement
> Affects Versions: 2.7
> Reporter: Greg Janée
> Priority: Blocker
>
> In org.apache.fop.cli.InputHandler.getXMLReader, there is a call that is
> hard-coded to set SAX feature
> [http://apache.org/xml/features/disallow-doctype-decl] to true. This breaks
> existing implementations (such as mine) that process libraries of templates
> that contain DOCTYPE declarations. While I'm sure there was a reason for
> this change (security against rogue DOCTYPE contents I'm guessing), the risk
> doesn't apply for implementations that are processing internally-maintained
> templates and that are not processing templates coming in from the wild. The
> request is to make this setting overrideable to false by some kind of FOP
> configuration parameter or environment variable. As it is, this completely
> breaks FOP for my installation, and the only way I've been able to continue
> to run is to monkey-patch the JAR file.

--
This message was sent by Atlassian Jira (v8.20.10#820010)
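
The embedding route suggested in the comment, as an added example that is not code from the issue or from the FOP project: the caller builds its own XMLReader that accepts DOCTYPE declarations while refusing external entities and external DTDs. The class name and the two command-line arguments are assumptions, and so is the premise (taken from the comment's suggestion) that an embedded run does not pass through org.apache.fop.cli.InputHandler.

```java
import java.io.File;
import java.io.OutputStream;
import java.io.StringReader;
import java.nio.file.Files;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.sax.SAXResult;
import javax.xml.transform.sax.SAXSource;
import org.apache.fop.apps.Fop;
import org.apache.fop.apps.FopFactory;
import org.apache.fop.apps.MimeConstants;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;

// Hypothetical class name; renders one XSL-FO file from a trusted template library.
public class TrustedTemplateRenderer {

    // Reader that tolerates a DOCTYPE but never fetches anything the DOCTYPE points at.
    static XMLReader newReader() throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setNamespaceAware(true);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // entity expansion limits
        // The feature the issue reports as hard-coded to true in the CLI input handler.
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false);
        // With DOCTYPE allowed, close the external-entity paths explicitly.
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        XMLReader reader = spf.newSAXParser().getXMLReader();
        // Defence in depth: any external resource that is still requested resolves to nothing.
        reader.setEntityResolver((publicId, systemId) -> new InputSource(new StringReader("")));
        return reader;
    }

    // args[0]: input .fo file, args[1]: output PDF (both assumptions of this example)
    public static void main(String[] args) throws Exception {
        FopFactory fopFactory = FopFactory.newInstance(new File(".").toURI());
        try (OutputStream out = Files.newOutputStream(new File(args[1]).toPath())) {
            Fop fop = fopFactory.newFop(MimeConstants.MIME_PDF, out);
            InputSource in = new InputSource(new File(args[0]).toURI().toString());
            Transformer identity = TransformerFactory.newInstance().newTransformer();
            // Parse with the reader above and stream the SAX events straight into FOP.
            identity.transform(new SAXSource(newReader(), in), new SAXResult(fop.getDefaultHandler()));
        }
    }
}
```

With these settings a template's internal DTD subset is still parsed, but entities declared only in an external DTD are not loaded.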