[
https://issues.apache.org/jira/browse/CXF-8273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved CXF-8273.
--------------------------------------
Resolution: Fixed
> Remove static methods from StaxUtils to restrict XML level/count
> ----------------------------------------------------------------
>
> Key: CXF-8273
> URL: https://issues.apache.org/jira/browse/CXF-8273
> Project: CXF
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 3.4.0
>
>
> This task is to remove static methods from StaxUtils to restrict XML
> level/count:
>
> {code:java}
> - public static void setInnerElementLevelThreshold(int i) {
> - innerElementLevelThreshold = i != -1 ? i : 500;
> - setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxElementDepth",
> innerElementLevelThreshold);
> - }
> - public static void setInnerElementCountThreshold(int i) {
> - innerElementCountThreshold = i != -1 ? i : 50000;
> - setProperty(SAFE_INPUT_FACTORY,
> "com.ctc.wstx.maxChildrenPerElement", innerElementCountThreshold);
> - }
> {code}
> These methods are problematic as they only set the property on the
> SAFE_INPUT_FACTORY and not on any of the instances that might already be
> stored in the NS_AWARE_INPUT_FACTORY_POOL. Instead, set the system properties
> to customize how we restrict XML.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
