PJ Fanning created TEXT-224:
-------------------------------
Summary: set SecureProcessing feature in XmlStringLookup
Key: TEXT-224
URL: https://issues.apache.org/jira/browse/TEXT-224
Project: Commons Text
Issue Type: Task
Affects Versions: 1.10.0
Reporter: PJ Fanning
https://github.com/apache/commons-text/blob/master/src/main/java/org/apache/commons/text/lookup/XmlStringLookup.java
We could set this:
xpf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
There is more that could be done but this feature would probably be clean
enough to roll out - compared to other options like pre-loading the XML using a
DocumentBuilder that might be configured to disable External Entities or DTD
loading generally.
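The two options the issue compares, shown side by side as an added example; this is not code from Commons Text or from the reporter. The class and method names are hypothetical, the sample XML is constructed, and the `disallow-doctype-decl` feature URI assumes the JDK's built-in Xerces-based parser.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class SecureXPathLookupExample {

    // Option 1 (the proposal): enable secure processing on the XPathFactory.
    static XPathFactory secureXPathFactory() throws Exception {
        XPathFactory xpf = XPathFactory.newInstance();
        xpf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
        return xpf;
    }

    // Option 2 (the alternative mentioned): pre-load the XML with a
    // DocumentBuilder that refuses DOCTYPE declarations, so no DTD or
    // external entity is ever processed.
    static Document parseWithoutDtd(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Assumption: feature URI understood by the JDK default parser.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Evaluate an XPath expression over the hardened, pre-parsed document.
    static String lookup(String xml, String xpath) throws Exception {
        return secureXPathFactory().newXPath().evaluate(xpath, parseWithoutDtd(xml));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input without a DOCTYPE: the lookup succeeds.
        String plain = "<root><path><to><node>Hello</node></to></path></root>";
        System.out.println(lookup(plain, "/root/path/to/node"));

        // Constructed sample input with a harmless internal entity: the
        // hardened DocumentBuilder rejects it at the DOCTYPE declaration.
        String withDoctype = "<!DOCTYPE root [<!ENTITY e \"x\">]><root>&e;</root>";
        try {
            lookup(withDoctype, "/root");
        } catch (SAXParseException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```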