[ https://issues.apache.org/jira/browse/XERCESJ-1455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Glavassevich resolved XERCESJ-1455.
-------------------------------------------

    Resolution: Won't Fix

Using system properties to configure the parser is problematic in many 
environments. It has a global effect in the JVM and thus can trample on the 
preferences of other applications (even those loaded by other ClassLoaders), 
possibly breaking them by doing so. See XERCESJ-976 for example. Adding this 
proposed system property would encourage more bad practice. Applications should 
be using the APIs for configuring the entity expansion limit and other settings.

> New system property to limit entity expansion
> ---------------------------------------------
>
>                 Key: XERCESJ-1455
>                 URL: https://issues.apache.org/jira/browse/XERCESJ-1455
>             Project: Xerces2-J
>          Issue Type: Improvement
>          Components: JAXP (javax.xml.parsers)
>    Affects Versions: 2.7.1, 2.8.0, 2.8.1, 2.9.0, 2.9.1, 2.10.0
>         Environment: all
>            Reporter: yuechen
>            Priority: Trivial
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> When setting org.apache.xerces.util.SecurityManager, the default 
> entityExpansionLimit is 100,000. This is still too high in many cases. 
> Although SecurityManager does have a setter for entityExpansionLimit, it 
> will be more user friendly to have a new system property to limit entity 
> expansion, such as the one in Sun's JAXP implementation: 
> http://java.sun.com/j2se/1.5.0/docs/guide/xml/jaxp/JAXP-Compatibility_150.html#JAXP_security

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
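
Added example, not part of the JIRA message or of the Xerces code base: setting the entity expansion limit through the API on each parser instance, as the resolution recommends, so that two parsers in the same JVM hold different limits and no system property is touched. It assumes xercesImpl.jar is on the classpath; the class name PerParserEntityLimit, the helpers newReader and accepts, and the sample document are constructed for illustration.

```java
import java.io.StringReader;
import org.apache.xerces.jaxp.SAXParserFactoryImpl;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class PerParserEntityLimit {
    // Xerces property that carries the SecurityManager for one parser instance.
    static final String SECURITY_MANAGER =
        "http://apache.org/xml/properties/security-manager";

    // Build a Xerces SAX reader whose limit applies to this instance only.
    static XMLReader newReader(int limit) throws Exception {
        // Fully qualified: this is the Xerces class, not java.lang.SecurityManager.
        org.apache.xerces.util.SecurityManager sm =
            new org.apache.xerces.util.SecurityManager();
        sm.setEntityExpansionLimit(limit);

        // Instantiate the Xerces factory directly so the JDK's built-in
        // parser is not picked up by the JAXP lookup.
        XMLReader reader = new SAXParserFactoryImpl().newSAXParser().getXMLReader();
        reader.setProperty(SECURITY_MANAGER, sm);
        reader.setContentHandler(new DefaultHandler());
        // DefaultHandler.fatalError rethrows, so a limit violation ends the parse.
        reader.setErrorHandler(new DefaultHandler());
        return reader;
    }

    // True if the document parses, false if the parser rejects it.
    static boolean accepts(XMLReader reader, String xml) throws Exception {
        try {
            reader.parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (SAXException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a small document with three levels of nested entities.
        String doc = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE r [\n"
            + "  <!ENTITY a \"x\">\n"
            + "  <!ENTITY b \"&a;&a;&a;\">\n"
            + "  <!ENTITY c \"&b;&b;&b;\">\n"
            + "]>\n<r>&c;</r>";
        System.out.println("limit 5:   accepted=" + accepts(newReader(5), doc));
        System.out.println("limit 100: accepted=" + accepts(newReader(100), doc));
    }
}
```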

