New system property to limit entity expansion
---------------------------------------------
Key: XERCESJ-1455
URL: https://issues.apache.org/jira/browse/XERCESJ-1455
Project: Xerces2-J
Issue Type: Improvement
Components: JAXP (javax.xml.parsers)
Affects Versions: 2.10.0, 2.9.1, 2.9.0, 2.8.1, 2.8.0, 2.7.1
Environment: all
Reporter: yuechen
Priority: Trivial
Fix For: 2.10.0, 2.9.1, 2.9.0, 2.8.1, 2.8.0, 2.7.1
when setting org.apache.xerces.util.SecurityManager, default
entityExpansionLimit is 100,000. this is still too high in many cases. although
security Manager does have a setter for entityExpansionLimit, it will be more
user friendly to have a new system property to limit entity expansion, such as
the one in Sun's JAXP implementation:
http://java.sun.com/j2se/1.5.0/docs/guide/xml/jaxp/JAXP-Compatibility_150.html#JAXP_security
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
