[
https://issues.apache.org/jira/browse/XERCESJ-1644?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arun Babu Neelicattu updated XERCESJ-1644:
------------------------------------------
Attachment: XERCESJ-1644.patch
Attaching a PoC patch demonstrating requesting feature. The patch implements
only system property based configuration.
Supporting these configurations from within a global property file either
system wide or from within the class path might be ideal.
Note that the patch defaults to enabling _disallow-doctype-decl_ and disabling
_external-general-entities_ and _external-parameter-entities_.
> RFE: Allow global enabling/disabling of features with secure defaults
> ---------------------------------------------------------------------
>
> Key: XERCESJ-1644
> URL: https://issues.apache.org/jira/browse/XERCESJ-1644
> Project: Xerces2-J
> Issue Type: Improvement
> Components: JAXP (javax.xml.parsers)
> Affects Versions: 2.11.0
> Reporter: Arun Babu Neelicattu
> Attachments: XERCESJ-1644.patch
>
>
> It would be useful to be able enable and disable features using a global
> configuration, either by using system properties or a property file or both.
> Possible usage via system properties:
> {noformat}
> -Dorg.apache.xerces.jaxp.features.enable=http://apache.org/xml/features/disallow-doctype-decl
> -Dorg.apache.xerces.jaxp.features.disable=http://xml.org/sax/features/external-general-entities,http://xml.org/sax/features/external-parameter-entities
> {noformat}
> Is this something that can be added?
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
