Reviewers: rdayal,

Description:
Copied some code from ReflectiveParser that should disable external
entities when reading web.xml.

Please review this at http://gwt-code-reviews.appspot.com/371801/show

Affected files:
  M dev/core/src/com/google/gwt/dev/ServletValidator.java


Index: dev/core/src/com/google/gwt/dev/ServletValidator.java
diff --git a/dev/core/src/com/google/gwt/dev/ServletValidator.java b/dev/core/src/com/google/gwt/dev/ServletValidator.java index 1d4af91e897ac7d2007ec2fddf0493fa724d1cd7..6501949f15bf82996c6dece20786fdbe182ef61f 100644
--- a/dev/core/src/com/google/gwt/dev/ServletValidator.java
+++ b/dev/core/src/com/google/gwt/dev/ServletValidator.java
@@ -185,6 +185,9 @@ class ServletValidator {
       SAXParserFactory fac = SAXParserFactory.newInstance();
       fac.setValidating(false);
       fac.setNamespaceAware(false);
+      fac.setFeature(
+          "http://apache.org/xml/features/nonvalidating/load-external-dtd";,
+          false);
       SAXParser parser = fac.newSAXParser();
       parser.getXMLReader().setFeature(
           "http://xml.org/sax/features/validation";, false);


--
http://groups.google.com/group/Google-Web-Toolkit-Contributors

Reply via email to