Author: jukka
Date: Thu Sep 3 16:20:26 2009
New Revision: 811011
URL: http://svn.apache.org/viewvc?rev=811011&view=rev
Log:
TIKA-217: secure-processing not supported by some JAXP implementations
Modified:
lucene/tika/trunk/tika-core/src/main/java/org/apache/tika/detect/XmlRootExtractor.java
Modified:
lucene/tika/trunk/tika-core/src/main/java/org/apache/tika/detect/XmlRootExtractor.java
URL:
http://svn.apache.org/viewvc/lucene/tika/trunk/tika-core/src/main/java/org/apache/tika/detect/XmlRootExtractor.java?rev=811011&r1=811010&r2=811011&view=diff
==============================================================================
---
lucene/tika/trunk/tika-core/src/main/java/org/apache/tika/detect/XmlRootExtractor.java
(original)
+++
lucene/tika/trunk/tika-core/src/main/java/org/apache/tika/detect/XmlRootExtractor.java
Thu Sep 3 16:20:26 2009
@@ -27,6 +27,7 @@
import org.apache.tika.sax.OfflineContentHandler;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.helpers.DefaultHandler;
/**
@@ -44,7 +45,14 @@
factory.setNamespaceAware(true);
factory.setValidating(false);
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ try {
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (SAXNotRecognizedException e) {
+ // TIKA-271: Some XML parsers do not support the secure-processing
+ // feature, even though it's required by JAXP in Java 5. Ignoring
+ // the exception is fine here, deployments without this feature
+ // are inherently vulnerable to XML denial-of-service attacks.
+ }
this.parser = factory.newSAXParser();
}
