afs commented on code in PR #1340:
URL: https://github.com/apache/jena/pull/1340#discussion_r885484348
##########
jena-core/src/main/java/org/apache/jena/util/JenaXMLInput.java:
##########
@@ -72,16 +72,24 @@ public static XMLReader createXMLReader() throws
ParserConfigurationException, S
* Initialize an XMLInputFactory to jena settings.
*/
public static void initXMLInputFactory(XMLInputFactory xf) {
+ // This disables DTDs entirely for the factory.
+ // All DTDs are silently ignored; takes precedence over
ACCESS_EXTERNAL_DTD
+ setXMLInputFactoryProperty(xf, XMLInputFactory.SUPPORT_DTD,
Boolean.FALSE);
+
+ // Disable external DTDs (files and HTTP) - errors unless SUPPORT_DTD
is false.
+ setXMLInputFactoryProperty(xf, XMLConstants.ACCESS_EXTERNAL_DTD, "");
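Review bot: The comment above the ACCESS_EXTERNAL_DTD call, "errors unless SUPPORT_DTD is false", does not say what raises the error: the property call itself, or a later parse of a document that references an external DTD. The preceding comment already says SUPPORT_DTD takes precedence over ACCESS_EXTERNAL_DTD, so if this second setting is meant as a fallback for factories where SUPPORT_DTD does not take effect, the comment should say so and say what the caller will observe when it applies.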
Review Comment:
This could be moved to the end. I don't think order matters. Assuming all
XMLInputFactory are supported by Woodstox.
##########
jena-core/src/main/java/org/apache/jena/util/JenaXMLInput.java:
##########
@@ -72,16 +72,24 @@ public static XMLReader createXMLReader() throws
ParserConfigurationException, S
* Initialize an XMLInputFactory to jena settings.
*/
public static void initXMLInputFactory(XMLInputFactory xf) {
+ // This disables DTDs entirely for the factory.
+ // All DTDs are silently ignored; takes precedence over
ACCESS_EXTERNAL_DTD
+ setXMLInputFactoryProperty(xf, XMLInputFactory.SUPPORT_DTD,
Boolean.FALSE);
+
+ // Disable external DTDs (files and HTTP) - errors unless SUPPORT_DTD
is false.
+ setXMLInputFactoryProperty(xf, XMLConstants.ACCESS_EXTERNAL_DTD, "");
+
+ // disable external entities (silently ignore)
+ setXMLInputFactoryProperty(xf,
XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
+ }
+
+ /**
+ * Catch any {@link IllegalArgumentException}, log it, and continue.
+ */
+ private static void setXMLInputFactoryProperty(XMLInputFactory xf, String
name, Object value) {
try {
- // This disables DTDs entirely for the factory.
- // All DTDs are silently ignored; takes precedence over
ACCESS_EXTERNAL_DTD
- xf.setProperty(XMLInputFactory.SUPPORT_DTD, false);
-
- // Disable external DTDs (files and HTTP) - errors unless
SUPPORT_DTD is false.
- xf.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
- // disable external entities (silently ignore)
- xf.setProperty("javax.xml.stream.isSupportingExternalEntities",
false);
- } catch(IllegalArgumentException ex){
+ xf.setProperty(name, value);
+ } catch(IllegalArgumentException ex) {
Log.error(JenaXMLInput.class, "Problem setting StAX property", ex);
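Review bot: The catch block in setXMLInputFactoryProperty logs and continues, so initXMLInputFactory returns normally even when the factory rejected SUPPORT_DTD or IS_SUPPORTING_EXTERNAL_ENTITIES, and the caller receives a factory with that protection unset and no signal other than a log line. Setting each property separately is an improvement over the removed single try block, where a failure on the first property skipped the other two, but the result is still fail-open. Consider either throwing for the properties the hardening depends on, or reading each value back with xf.getProperty(name) after setting it and refusing to return a factory that is not in the expected state. If best-effort is the intended behaviour, the Javadoc of initXMLInputFactory should state it, and the log message "Problem setting StAX property" should include `name` so the unset protection can be identified from the log.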
Review Comment:
Assuming this is now to catch a specific case, the stacktrace isn't necessary
(reduces the log output), if we have the exception message and the specific
property `name` included instead.