Revision: 7983
Author: sco...@google.com
Date: Mon Apr 26 10:57:24 2010
Log: ServletValidator disable external DTD resolution.
Copied some code from ReflectiveParser that should disable external
entities when reading web.xml.
http://gwt-code-reviews.appspot.com/371801/show
Review by: rdayal
http://code.google.com/p/google-web-toolkit/source/detail?r=7983
Modified:
/branches/2.1/dev/core/src/com/google/gwt/dev/ServletValidator.java
=======================================
--- /branches/2.1/dev/core/src/com/google/gwt/dev/ServletValidator.java Tue
Mar 30 12:00:11 2010
+++ /branches/2.1/dev/core/src/com/google/gwt/dev/ServletValidator.java Mon
Apr 26 10:57:24 2010
@@ -185,6 +185,9 @@
SAXParserFactory fac = SAXParserFactory.newInstance();
fac.setValidating(false);
fac.setNamespaceAware(false);
+ fac.setFeature(
+ "http://apache.org/xml/features/nonvalidating/load-external-dtd";,
+ false);
SAXParser parser = fac.newSAXParser();
parser.getXMLReader().setFeature(
"http://xml.org/sax/features/validation";, false);
--
http://groups.google.com/group/Google-Web-Toolkit-Contributors
