[jira] [Resolved] (JELLY-293) Accommodate toggling off DTD external entities.

Rob Tompkins (JIRA) Tue, 29 Aug 2017 06:40:18 -0700

     [ 
https://issues.apache.org/jira/browse/JELLY-293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rob Tompkins resolved JELLY-293.
--------------------------------
    Resolution: Fixed

Implemented in svn as given by above comment.

> Accommodate toggling off DTD external entities.
> -----------------------------------------------
>
>                 Key: JELLY-293
>                 URL: https://issues.apache.org/jira/browse/JELLY-293
>             Project: Commons Jelly
>          Issue Type: Bug
>          Components: core / taglib.core
>    Affects Versions: 1.0
>            Reporter: Rob Tompkins
>            Assignee: Rob Tompkins
>             Fix For: 1.0.1
>
>
> We want the ability to configure whether or not jelly files can be declared 
> such that the doctype definition at the beginning of the XML can call out to 
> external entities under the parsing by SAX in the xerces project.
> The suggested fix is to add
> {code:java}
> if (!allowDtdToCallExternalEntities) {
>     
> reader.setFeature("http://xml.org/sax/features/external-general-entities";, 
> false);
>     
> reader.setFeature("http://xml.org/sax/features/external-parameter-entities";, 
> false);
>     
> reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd";,
>  false);
> }
> {code}
> immediately following this line: 
> https://github.com/apache/commons-jelly/blob/commons-jelly-1.0/src/java/org/apache/commons/jelly/parser/XMLParser.java#L496



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Resolved] (JELLY-293) Accommodate toggling off DTD external entities.

Reply via email to