Reviewers: rdayal,
Description:
Copied some code from ReflectiveParser that should disable external
entities when reading web.xml.
Please review this at http://gwt-code-reviews.appspot.com/371801/show
Affected files:
M dev/core/src/com/google/gwt/dev/ServletValidator.java
Index: dev/core/src/com/google/gwt/dev/ServletValidator.java
diff --git a/dev/core/src/com/google/gwt/dev/ServletValidator.java
b/dev/core/src/com/google/gwt/dev/ServletValidator.java
index
1d4af91e897ac7d2007ec2fddf0493fa724d1cd7..6501949f15bf82996c6dece20786fdbe182ef61f
100644
--- a/dev/core/src/com/google/gwt/dev/ServletValidator.java
+++ b/dev/core/src/com/google/gwt/dev/ServletValidator.java
@@ -185,6 +185,9 @@ class ServletValidator {
SAXParserFactory fac = SAXParserFactory.newInstance();
fac.setValidating(false);
fac.setNamespaceAware(false);
+ fac.setFeature(
+ "http://apache.org/xml/features/nonvalidating/load-external-dtd",
+ false);
SAXParser parser = fac.newSAXParser();
parser.getXMLReader().setFeature(
"http://xml.org/sax/features/validation", false);
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors