On 13/11/2013 22:08, huizhe wang wrote:

Each parser has its own copy of XMLSecurityManager that maintains the values of the limits. The parser is reset before it starts to parse a document. Resetting the values managed by XMLSecurityManager therefore makes sure that the limits are per document.

Daniel sent me a private email to question if the reset in PropertyManager is safe. He was right. I traced that back to the previous patch in that the StAX parsers actually were sharing the same XMLSecurityManager, and also XMLSecurityPropertyManager. I've changed the code so that they are cloned.

webrev:
http://cr.openjdk.java.net/~joehw/jdk8/8028111/webrev/

Sorry about that, having it called XMLSecurityManager when it's not a SecurityManager is always confusing. In that case, it looks okay to me.

-Alan.
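
The sharing problem discussed in this thread, as an added example that is not code from the thread, the webrev or the JDK: a toy model showing why a per-document reset is only safe when each parser holds its own copy of the limit state. `LimitManager`, `ToyParser` and the limit of 4 are hypothetical stand-ins, not the JDK's XMLSecurityManager.

```java
import java.util.function.Supplier;

// Hypothetical stand-in for a per-parser limit tracker (not the JDK class).
final class LimitManager implements Cloneable {
    private final int entityLimit;
    private int entityCount;

    LimitManager(int entityLimit) { this.entityLimit = entityLimit; }

    void reset() { entityCount = 0; }   // called before each document

    void countEntity() {
        if (++entityCount > entityLimit)
            throw new IllegalStateException("entity limit " + entityLimit + " exceeded");
    }

    // A clone keeps the configured limit but starts with its own counter.
    @Override public LimitManager clone() { return new LimitManager(entityLimit); }
}

// Hypothetical parser: resets its manager, then counts entities as it reads.
final class ToyParser {
    private final LimitManager limits;
    ToyParser(LimitManager limits) { this.limits = limits; }
    void startDocument() { limits.reset(); }
    void expandEntities(int n) { for (int i = 0; i < n; i++) limits.countEntity(); }
}

public class SharedLimitDemo {
    // Parser A reads 3 entities, parser B starts a document, A reads 3 more.
    static boolean limitEnforced(Supplier<LimitManager> perParser) {
        ToyParser a = new ToyParser(perParser.get());
        ToyParser b = new ToyParser(perParser.get());
        a.startDocument();
        a.expandEntities(3);
        b.startDocument();                  // with a shared manager this zeroes A's count
        try {
            a.expandEntities(3);            // A has now expanded 6 entities in one document
            return false;                   // no exception: the limit was not enforced
        } catch (IllegalStateException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        LimitManager factoryCopy = new LimitManager(4);
        System.out.println("shared: enforced=" + limitEnforced(() -> factoryCopy));
        System.out.println("cloned: enforced=" + limitEnforced(factoryCopy::clone));
    }
}
```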
