Colm O hEigeartaigh created CXF-8273:
----------------------------------------
Summary: Remove static methods from StaxUtils to restrict XML
level/count
Key: CXF-8273
URL: https://issues.apache.org/jira/browse/CXF-8273
Project: CXF
Issue Type: Improvement
Reporter: Colm O hEigeartaigh
Assignee: Colm O hEigeartaigh
Fix For: 3.4.0
This task is to remove static methods from StaxUtils to restrict XML
level/count:
{code:java}
- public static void setInnerElementLevelThreshold(int i) {
- innerElementLevelThreshold = i != -1 ? i : 500;
- setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxElementDepth",
innerElementLevelThreshold);
- }
- public static void setInnerElementCountThreshold(int i) {
- innerElementCountThreshold = i != -1 ? i : 50000;
- setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxChildrenPerElement",
innerElementCountThreshold);
- }
{code}
These methods are problematic as they only set the property on the
SAFE_INPUT_FACTORY and not on any of the instances that might already be stored
in the NS_AWARE_INPUT_FACTORY_POOL. Instead, set the system properties to
customize how we restrict XML.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
