This is an automated email from the ASF dual-hosted git repository.
ffang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push:
new 667cf979a2 Disallowing DTDs for Aegis SourceType (#1729)
667cf979a2 is described below
commit 667cf979a29782191b942747da2ae6f260101003
Author: Colm O hEigeartaigh <cohei...@users.noreply.github.com>
AuthorDate: Wed Mar 6 20:31:50 2024 +0000
Disallowing DTDs for Aegis SourceType (#1729)
---
.../aegis/src/main/java/org/apache/cxf/aegis/type/xml/SourceType.java | 2 ++
1 file changed, 2 insertions(+)
diff --git
a/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/xml/SourceType.java
b/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/xml/SourceType.java
index 81e9827412..587fe82080 100644
---
a/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/xml/SourceType.java
+++
b/rt/databinding/aegis/src/main/java/org/apache/cxf/aegis/type/xml/SourceType.java
@@ -104,6 +104,8 @@ public class SourceType extends AegisType {
protected XMLReader createXMLReader() throws SAXException,
ParserConfigurationException {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setNamespaceAware(true);
+ // Disable DTDs
+ spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl";,
true);
return spf.newSAXParser().getXMLReader();
}
