If this is handled at the Axiom layer why are we throwing this exception? Shouldn't we let the user control this behavior, without always throwing an exception?
Thanks, Supun.. On Fri, Jan 21, 2011 at 1:29 PM, Miyuru Wanninayaka <[email protected]> wrote: > Hi all, > > I'm trying to process XML response from a POX service which return XML > response with DOCTYPE declarations and it fails with > "javax.xml.stream.XMLStreamException: DOCTYPE is not allowed exception". > Reason for this is DisallowDoctypeDeclStreamReaderWrapper throws a > XMLStreamException when DTD element found. I think this is done to fix > security vlunarability CVE-2010-1632. > > AFIK setting javax.xml.stream.supportDTD property to false in axiom will > prevent DTD processing and does not require to throw a exception when DTD > found. > > -- > Thanks, > Miyuru Wanninayaka > Software Engineer - WSO2 Inc. > -- Technical Lead, WSO2 Inc http://wso2.org supunk.blogspot.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
