knox git commit: KNOX-1201 - Disable DocTypes

Thu, 08 Mar 2018 03:02:57 -0800 

Repository: knox
Updated Branches:
  refs/heads/master 5f9ee5a08 -> 9b5665be7


KNOX-1201 - Disable DocTypes


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/9b5665be
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/9b5665be
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/9b5665be

Branch: refs/heads/master
Commit: 9b5665be7016f3a574702d0ac843e9e677214dc5
Parents: 5f9ee5a
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Thu Mar 8 11:01:58 2018 +0000
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Thu Mar 8 11:01:58 2018 +0000

----------------------------------------------------------------------
 .../src/main/java/org/apache/knox/gateway/util/XmlUtils.java      | 3 +++
 1 file changed, 3 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/9b5665be/gateway-util-common/src/main/java/org/apache/knox/gateway/util/XmlUtils.java
----------------------------------------------------------------------
diff --git 
a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/XmlUtils.java 
b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/XmlUtils.java
index fc21d4e..b3494fe 100644
--- 
a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/XmlUtils.java
+++ 
b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/XmlUtils.java
@@ -46,6 +46,7 @@ public class XmlUtils {
   public static Document readXml( InputStream input ) throws 
ParserConfigurationException, IOException, SAXException {
     DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
     f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+    f.setFeature("http://apache.org/xml/features/disallow-doctype-decl";, true);
     DocumentBuilder b = f.newDocumentBuilder();
     return b.parse( input );
   }
@@ -53,6 +54,7 @@ public class XmlUtils {
   public static Document readXml( InputSource source ) throws 
ParserConfigurationException, IOException, SAXException {
     DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
     f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+    f.setFeature("http://apache.org/xml/features/disallow-doctype-decl";, true);
     DocumentBuilder b = f.newDocumentBuilder();
     return b.parse( source );
   }
@@ -98,6 +100,7 @@ public class XmlUtils {
   public static Document createDocument(boolean standalone) throws 
ParserConfigurationException {
     DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
     f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+    f.setFeature("http://apache.org/xml/features/disallow-doctype-decl";, true);
     DocumentBuilder b = f.newDocumentBuilder();
     Document d = b.newDocument();
     d.setXmlStandalone( standalone );

Reply via email to