>From what I see in the 5.5.8 code the external entities cannot be
resolved since we provide an InputSource to the documentBuilder in
ParseUtils :
private void processWebDotXml(ServletContext ctxt) throws JasperException {
InputStream is = null;
try {
is = ctxt.getResourceAsStream(WEB_XML);
if (is == null) {
// no web.xml
return;
}
ParserUtils pu = new ParserUtils();
TreeNode webApp = pu.parseXMLDocument(WEB_XML, is);
if (webApp == null
|| !"2.4".equals(webApp.findAttribute("version"))) {
defaultIsELIgnored = "true";
return;
}
As such when the documentBuilder found a partial external entities,
like <!ENTITY base SYSTEM "base.xml">, it has no idea of its root
location and as such consider as a file and provide it a dummy base
location.
What could be done it to use the ctxt.getResourceAsStream() after
cleaning the systemId reference from any file:// reference (ie:
file:///C:/eclipse3/base.xml => WEB-INF/base.xml).
Remmy do you agree on this since which such we stay independancy from
being on file or other way ?
Regards
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
