Hi Andreas, Can we make this configurable? Current behavior is causing some issues in Synapse front. Sometimes users mediate HTML files through Synapse and most HTML documents contain DTD declarations. Can we introduce a property in Axiom to not throw an exception when a DTD is encountered? We can write a custom message builder for Synapse, but before we do that we want to know what Axiom/Axis2 folks think about this.
Thanks, Hiranya On Sat, Jan 22, 2011 at 6:02 PM, Andreas Veithen <[email protected]>wrote: > Since message builders are configurable, a user already has the option > to replace ApplicationXMLBuilder by an alternative (and insecure!) > implementation. > > Andreas > > On Sat, Jan 22, 2011 at 08:30, Supun Kamburugamuva <[email protected]> > wrote: > > If this is handled at the Axiom layer why are we throwing this > > exception? Shouldn't we let the user control this behavior, without > > always throwing an exception? > > > > Thanks, > > Supun.. > > > > On Fri, Jan 21, 2011 at 1:29 PM, Miyuru Wanninayaka <[email protected]> > wrote: > >> Hi all, > >> > >> I'm trying to process XML response from a POX service which return XML > >> response with DOCTYPE declarations and it fails with > >> "javax.xml.stream.XMLStreamException: DOCTYPE is not allowed exception". > >> Reason for this is DisallowDoctypeDeclStreamReaderWrapper throws a > >> XMLStreamException when DTD element found. I think this is done to fix > >> security vlunarability CVE-2010-1632. > >> > >> AFIK setting javax.xml.stream.supportDTD property to false in axiom will > >> prevent DTD processing and does not require to throw a exception when > DTD > >> found. > >> > >> -- > >> Thanks, > >> Miyuru Wanninayaka > >> Software Engineer - WSO2 Inc. > >> > > > > > > > > -- > > Technical Lead, WSO2 Inc > > http://wso2.org > > supunk.blogspot.com > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- Hiranya Jayathilaka Senior Software Engineer; WSO2 Inc.; http://wso2.org E-mail: [email protected]; Mobile: +94 77 633 3491 Blog: http://techfeast-hiranya.blogspot.com
