Hi all,
For security reasons I am trying to use resolveEntity to reject any uri
that is not in an approved list of sources. I have the code running and
if the uri is not in my list I return null. However, the behavior of
xalanc is different than I anticipated. If null is returned as the input
source
then the following happens after resolveEntity is called ( this is in
xalanc\XSLT\XSLTProcessorEnvSupportDefault.cpp ):
typedef XalanAutoPtr<InputSource> AutoPtrType;
const AutoPtrType resolverInputSource(
theResolver->resolveEntity(
0,
urlText.c_str()));
if (resolverInputSource.get() != 0)
{
theDocument =
parserLiaison.parseXMLStream(*resolverInputSource.get(),
theEmptyString);
}
else
{
const XSLTInputSource
inputSource(urlText.c_str(), theManager);
theDocument =
parserLiaison.parseXMLStream(inputSource, theEmptyString);
}
If null is returned by resolveEntity then the else branch is taken and
the url is used anyway. Am I trying to use
the EntityResolver interface for something it is not intended for.
Any help you can provide is appreciated.
