knox git commit: KNOX-1523 - XML parsing cleanup

Fri, 12 Oct 2018 15:45:58 -0700 

Repository: knox
Updated Branches:
  refs/heads/master 79493c2d8 -> c299db6a4


KNOX-1523 - XML parsing cleanup


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/c299db6a
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/c299db6a
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/c299db6a

Branch: refs/heads/master
Commit: c299db6a43ca6ad9a8e8886827ef49bc029eeb9e
Parents: 79493c2
Author: Sandeep More <m...@apache.org>
Authored: Fri Oct 12 18:45:08 2018 -0400
Committer: Sandeep More <m...@apache.org>
Committed: Fri Oct 12 18:45:08 2018 -0400

----------------------------------------------------------------------
 .../knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java   | 5 +++++
 1 file changed, 5 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/c299db6a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
----------------------------------------------------------------------
diff --git 
a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
 
b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
index add01a4..f7808f8 100644
--- 
a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
+++ 
b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
@@ -99,6 +99,11 @@ public abstract class XmlFilterReader extends Reader {
     factory = XMLInputFactory.newFactory();
     //KNOX-620 factory.setProperty( XMLConstants.ACCESS_EXTERNAL_DTD, "false" 
);
     //KNOX-620 factory.setProperty( XMLConstants.ACCESS_EXTERNAL_SCHEMA, 
"false" );
+    /* This disables DTDs entirely for that factory */
+    factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+    /* disable external entities */
+    factory.setProperty("javax.xml.stream.isSupportingExternalEntities", 
false);
+
     factory.setProperty( "javax.xml.stream.isReplacingEntityReferences", 
Boolean.FALSE );
     factory.setProperty("http://java.sun.com/xml/stream/";
                 + "properties/report-cdata-event", Boolean.TRUE);

Reply via email to