On Mon, Mar 25, 2024 at 2:32 PM Christopher Schultz <ch...@christopherschultz.net> wrote: > > Rémy, > > On 3/22/24 11:39, Rémy Maucherat wrote: > > On Fri, Mar 22, 2024 at 2:40 PM <schu...@apache.org> wrote: > >> > >> This is an automated email from the ASF dual-hosted git repository. > >> > >> schultz pushed a commit to branch main > >> in repository https://gitbox.apache.org/repos/asf/tomcat.git > >> > >> > >> The following commit(s) were added to refs/heads/main by this push: > >> new 988992ba2e Use server's ClassLoader instead of application's > >> when loading XMLInputFactory. > >> 988992ba2e is described below > >> > >> commit 988992ba2e9a8e2c3db47ac960c2fa6c3fc7a8a4 > >> Author: Christopher Schultz <ch...@christopherschultz.net> > >> AuthorDate: Fri Mar 22 09:37:08 2024 -0400 > >> > >> Use server's ClassLoader instead of application's when loading > >> XMLInputFactory. > > > > It doesn't work because there's nothing corresponding to the > > XMLInputFactory.class.getName() id. The default newFactory doesn't do > > the same thing at all. > > Ugh, sorry about that. Thanks for fixing it. > > Setting the ContextClassLoader seems like the wrong approach. Isn't > there a ClassLoader parameter to getFactory for a reason?
Feel free to revert it if you don't like it. Rémy > -chris > > > > > Rémy > > > >> --- > >> java/org/apache/jasper/compiler/EncodingDetector.java | 3 ++- > >> webapps/docs/changelog.xml | 5 +++++ > >> 2 files changed, 7 insertions(+), 1 deletion(-) > >> > >> diff --git a/java/org/apache/jasper/compiler/EncodingDetector.java > >> b/java/org/apache/jasper/compiler/EncodingDetector.java > >> index bac9ade2ee..cf3b623104 100644 > >> --- a/java/org/apache/jasper/compiler/EncodingDetector.java > >> +++ b/java/org/apache/jasper/compiler/EncodingDetector.java > >> @@ -35,7 +35,8 @@ class EncodingDetector { > >> > >> private static final XMLInputFactory XML_INPUT_FACTORY; > >> static { > >> - XML_INPUT_FACTORY = XMLInputFactory.newInstance(); > >> + XML_INPUT_FACTORY = > >> XMLInputFactory.newFactory(XMLInputFactory.class.getName(), > >> + EncodingDetector.class.getClassLoader()); > >> } > >> > >> private final String encoding; > >> diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml > >> index 341c3a6596..0eca891322 100644 > >> --- a/webapps/docs/changelog.xml > >> +++ b/webapps/docs/changelog.xml > >> @@ -179,6 +179,11 @@ > >> and the web application is deployed as a WAR file rather than an > >> unpacked directory. (markt) > >> </fix> > >> + <fix> > >> + Prevent the web application's ClassLoader from being pinned by > >> the JSP > >> + compiler if an application uses a custom XMLInputFactory. Based > >> upon a > >> + suggestion from Simon Niederberger. (schultz) > >> + </fix> > >> </changelog> > >> </subsection> > >> <subsection name="Other"> > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: dev-h...@tomcat.apache.org > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: dev-h...@tomcat.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org