This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-jxpath.git
The following commit(s) were added to refs/heads/master by this push:
new 1e7dc69 Document guarding for untrusted input
1e7dc69 is described below
commit 1e7dc69b949394cfb045ee5c40b7ed6c337d7a81
Author: Gary Gregory <[email protected]>
AuthorDate: Mon Mar 20 08:46:52 2023 -0400
Document guarding for untrusted input
---
src/site/xdoc/index.xml | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/site/xdoc/index.xml b/src/site/xdoc/index.xml
index d417df1..eba8bd9 100644
--- a/src/site/xdoc/index.xml
+++ b/src/site/xdoc/index.xml
@@ -20,7 +20,6 @@
<title>JXPath Home</title>
<author email="[email protected]">Commons Documentation
Team</author>
<author email="[email protected]">Dmitri Plotnikov</author>
- <revision>$Id$</revision>
</properties>
<body>
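Review bot: The removal of `<revision>$Id$</revision>` from `<properties>` is unrelated to the commit subject "Document guarding for untrusted input" and is not mentioned in the message. Either split it into its own cleanup commit or add a line to the message, so the security documentation change can be found and backported without the unrelated metadata edit.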
@@ -72,6 +71,11 @@ while (it.hasNext()){
for those who work with mixtures of Java objects and XML and need
to frequently
traverse through graphs of those.
</p>
+ <p>
+ Some XPath expressions may cause Java code execution, so you
should not allow arbitrary expressions from untrusted input,
+ which could in turn lead to security issues in your environment.
Future enhancements may include the addition of an allow
+ list to let developers provide a stricter execution environment
for expressions.
+ </p>
<p>
JXPath documentation currently contains:
<ul>
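Review bot: The new `<p>` says "Some XPath expressions may cause Java code execution" but never tells the reader which expression constructs do this or what to do today beyond "should not allow arbitrary expressions from untrusted input". The only mitigation it names is a possible future allow list. Name the feature responsible and state the current guidance as a direct instruction (do not evaluate expressions built from untrusted input), and replace "could in turn lead to security issues in your environment" with the concrete consequence the first clause already states. The warning is also added as a plain paragraph between the introduction and the documentation list, where it is easy to miss. Consider giving it its own titled section on the page.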