[
https://issues.apache.org/jira/browse/NIFI-4185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16448129#comment-16448129
]
ASF GitHub Bot commented on NIFI-4185:
--------------------------------------
Github user tballison commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2587#discussion_r183390424
--- Diff:
nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/src/main/java/org/apache/nifi/xml/XMLRecordReader.java
---
@@ -84,6 +84,10 @@ public XMLRecordReader(InputStream in, RecordSchema
schema, String rootName, Str
try {
final XMLInputFactory xmlInputFactory =
XMLInputFactory.newInstance();
+
+ // Avoid namespace replacements
+
xmlInputFactory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, false);
--- End diff --
Might want to avoid XEE vulnerability via improved configuration of
XMLInputFactory?
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#XMLInputFactory_.28a_StAX_parser.29
> Add XML record reader & writer services
> ---------------------------------------
>
> Key: NIFI-4185
> URL: https://issues.apache.org/jira/browse/NIFI-4185
> Project: Apache NiFi
> Issue Type: New Feature
> Components: Extensions
> Affects Versions: 1.3.0
> Reporter: Andy LoPresto
> Assignee: Johannes Peter
> Priority: Major
> Labels: json, records, xml
>
> With the addition of the {{RecordReader}} and {{RecordSetWriter}} paradigm,
> XML conversion has not yet been targeted. This will replace the previous
> ticket for XML to JSON conversion.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
