[
https://issues.apache.org/jira/browse/TIKA-741?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jukka Zitting resolved TIKA-741.
--------------------------------
Resolution: Fixed
Fix Version/s: 1.0
Assignee: Jukka Zitting
In revision 1179254 I increased the default permitted XML nesting level to 100
and introduced a separate limit of at most 10 nested <div
class="package-entry"> elements to catch excessive nesting of package formats.
The maximum nesting limits can be set directly on on the SecureContentHandler
level, but are not currently configurable if you're using the Tika facade or
the AutoDetectParser class. I'd like to come up with default settings that work
for all practical cases before we consider adding such low level configuration
options to the higher level APIs.
> "Zip bomb" (XML nesting) detection is too strict
> ------------------------------------------------
>
> Key: TIKA-741
> URL: https://issues.apache.org/jira/browse/TIKA-741
> Project: Tika
> Issue Type: Bug
> Components: parser
> Affects Versions: 0.10
> Reporter: Erik Hetzner
> Assignee: Jukka Zitting
> Priority: Minor
> Fix For: 1.0
>
>
> I get "zip bomb" errors from many HTML documents, e.g.
> http://www.akhbaar.org/wesima_articles/index-20100101-82736.html
> Is there a way that the element nesting level could be made configurable? 30
> elements just doesn't seem to be enough.
> Thanks!
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
