[
https://issues.apache.org/jira/browse/GROOVY-10560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paul King closed GROOVY-10560.
------------------------------
> Provide additional XmlUtil variants for more options when disabling doctypes
> ----------------------------------------------------------------------------
>
> Key: GROOVY-10560
> URL: https://issues.apache.org/jira/browse/GROOVY-10560
> Project: Groovy
> Issue Type: Task
> Reporter: Paul King
> Assignee: Paul King
> Priority: Major
> Labels: breaking
> Fix For: 5.0.0-alpha-1, 4.0.2
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> The main XML processing methods in Groovy default to using secure XML
> processing. Some less widely used methods don't have that default. This
> change will incorporate that security measure. For users not using doctype
> processing, no change should be observed but processing will be more secure.
> It is a breaking change for anyone explicitly using doctype processing. Such
> users should use the new variant of each related method that is now provided
> which allows such processing to be switched back on. These have the same
> parameters as the existing method but an additional boolean.
> Affected methods:
> {code}
> XmlUtil#serialize(Element)
> XmlUtil#serialize(Element, OutputStream)
> XmlUtil#serialize(Element, Writer)
> XmlUtil#serialize(String)
> XmlUtil#serialize(String, OutputStream)
> XmlUtil#serialize(String, Writer)
> XmlUtil#newSAXParser(String, boolean, boolean, Source...)
> XmlUtil#newSAXParser(String, Source...)
> XmlUtil#newSAXParser(String, boolean, boolean, File)
> XmlUtil#newSAXParser(String, File)
> XmlUtil#newSAXParser(String, boolean, boolean, URL)
> XmlUtil#newSAXParser(String, URL)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
