[
https://issues.apache.org/jira/browse/XERCESJ-1455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Glavassevich updated XERCESJ-1455:
------------------------------------------
Fix Version/s: (was: 2.7.1)
(was: 2.8.0)
(was: 2.8.1)
(was: 2.9.0)
(was: 2.9.1)
(was: 2.10.0)
> New system property to limit entity expansion
> ---------------------------------------------
>
> Key: XERCESJ-1455
> URL: https://issues.apache.org/jira/browse/XERCESJ-1455
> Project: Xerces2-J
> Issue Type: Improvement
> Components: JAXP (javax.xml.parsers)
> Affects Versions: 2.7.1, 2.8.0, 2.8.1, 2.9.0, 2.9.1, 2.10.0
> Environment: all
> Reporter: yuechen
> Priority: Trivial
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> when setting org.apache.xerces.util.SecurityManager, default
> entityExpansionLimit is 100,000. this is still too high in many cases.
> although security Manager does have a setter for entityExpansionLimit, it
> will be more user friendly to have a new system property to limit entity
> expansion, such as the one in Sun's JAXP implementation:
> http://java.sun.com/j2se/1.5.0/docs/guide/xml/jaxp/JAXP-Compatibility_150.html#JAXP_security
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
