[jira] Updated: (XALANJ-2136) JAXP 1.3: support the secure processing feature

Thu, 14 Jul 2005 15:58:43 -0700 

     [ http://issues.apache.org/jira/browse/XALANJ-2136?page=all ]

Brian Minchau updated XALANJ-2136:
----------------------------------

    reviewer: [EMAIL PROTECTED]

> JAXP 1.3: support the secure processing feature
> -----------------------------------------------
>
>          Key: XALANJ-2136
>          URL: http://issues.apache.org/jira/browse/XALANJ-2136
>      Project: XalanJ2
>         Type: Bug
>   Components: JAXP
>     Versions: CurrentCVS
>     Reporter: Morris Kwan
>     Assignee: Morris Kwan
>      Fix For: CurrentCVS
>  Attachments: secure_processing_feature_xalan.patch, 
> secure_processing_feature_xsltc.patch
>
> In JAXP 1.3, the TransformerFactory.setFeature() method must support the 
> secure processing feature. The following paragraph is taken from the javadocs 
> of the TransformerFactory.setFeature() method:
> All implementations are required to support the 
> XMLConstants.FEATURE_SECURE_PROCESSING feature. When the feature is:
> -- true: the implementation will limit XML processing to conform to 
> implementation limits and behave in a secure fashion as defined by the 
> implementation. Examples include resolving user defined style sheets and 
> functions. If XML processing is limited for security reasons, it will be 
> reported via a call to the registered 
> ErrorListener.fatalError(TransformerException exception). See 
> setErrorListener(ErrorListener listener). 
> -- false: the implementation will processing XML according to the XML 
> specifications without regard to possible implementation limits. 
> Sun's contributed JAXP 1.3 implementation only exposes the feature. But it 
> does not use the feature to limit the XML processing behavior. The proposed 
> patch will implement the following restrictions when the secure processing 
> feature is set to true:
> 1. use of extension elements and extension functions are disabled
> 2. the secure processing feature is also passed to all parsers created by the 
> XSLT processor.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to