It's still on my TODO list but unfortunately haven't had any time (aside 
from answering the odd e-mail) for Apache lately.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: [email protected]

Elliotte Rusty Harold <[email protected]> wrote on 09/19/2014 05:41:08 PM:
 
> Ping again. It's over a month now. Employer support for working on 
> this may go away soon. :-( 
> 
> On Fri, Aug 15, 2014 at 10:35 AM, Michael Glavassevich <[email protected]> wrote:
> Been busy with my day job. Hope to take a look at it soon.
> 
> Thanks.
> 
> Michael Glavassevich
> XML Technologies and WAS Development
> IBM Toronto Lab
> E-mail: [email protected]
> 
> Elliotte Rusty Harold <[email protected]> wrote on 08/15/2014 10:31:27 AM:
> 
> > Ping. Any thoughts about this? I don't expect you to accept the
> > patch as is, but I would like to get the ball rolling.
> >
> > Thanks.
> >
> 
> > On Fri, Aug 8, 2014 at 3:27 PM, Elliotte Rusty Harold <[email protected]> wrote:
> > I'm attaching a patch. (I looked for a way to attach a patch in Jira
> > but couldn't find one.)
> >
> > Feel free to request revisions.
> >
> 
> > On Fri, Aug 8, 2014 at 1:51 PM, Elliotte Rusty Harold <[email protected]> wrote:
> >
> > OK this is weird. Apparently everything works if I set
> >
> >         System.setProperty("jdk.xml.entityExpansionLimit", "0");
> >
> > and otherwise it doesn't. Somehow that triggers the use of the
> > SecureProcessingConfiguration. Can anyone explain why?
> >
> >
> 
> > On Fri, Aug 8, 2014 at 12:55 PM, Elliotte Rusty Harold <[email protected]> wrote:
> > I can make SecureProcessingConfiguration recognize the SAX property
> > http://apache.org/xml/properties/total-entity-size-limit (i.e. you
> > can get it and set it.)
> >
> > However there's something I'm missing in terms of making it
> > actually pay attention to it.
> >
> > I've added this code to checkEntitySizeLimits:
> >
> >         // If a specific value is set on the reader use that; otherwise use system value
> >         int totalEntitySizeProperty = ((Number) getProperty(TOTAL_ENTITY_SIZE_PROPERTY)).intValue();
> >         int totalEntitySizeLimit = totalEntitySizeProperty > 0 ? totalEntitySizeProperty
> >                 : TOTAL_ENTITY_SIZE_LIMIT_SYSTEM_VALUE;
> >
> >
> > However my tests and the debugger tell me that nothing is ever
> > calling checkEntitySizeLimits. So there's probably something I don't
> > understand about setting up the parser.  What I'm doing is this:
> >
> > public class TotalEntitySizeTest extends TestCase {
> >
> >     private static final String TOTAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME
> >         = "http://apache.org/xml/properties/total-entity-size-limit";
> >
> >     public void testSAXTotalEntitySizeLimitSystemProperty() throws Exception {
> >         XMLReader reader = new SecureParser();
> >         reader.setProperty(TOTAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME, Integer.valueOf(10000));
> >         assertEquals(Integer.valueOf(10000), reader.getProperty(TOTAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME));
> >
> >         try {
> >             reader.parse(new InputData("pEntitySP.xml"));
> >             fail("Expected SAXParseException");
> >         }
> >         catch (SAXParseException se) {
> >             assertTrue(se.getMessage().indexOf("\"10,000\"") != -1);
> >         }
> >     }
> >
> >     private static class SecureParser extends SAXParser {
> >         SecureParser() {
> >             super(new SecureProcessingConfiguration());
> >         }
> >     }
> >
> > }
> >
> > It fails with a heap out of memory. Any suggestions?
> >
> >
> 
> > On Mon, Jul 28, 2014 at 10:58 AM, Michael Glavassevich <[email protected]> wrote:
> > Was planning on only adding it to SecureProcessingConfiguration. Have been
> > thinking about making it the default config in the next release.
> >
> > Michael Glavassevich
> > XML Technologies and WAS Development
> > IBM Toronto Lab
> > E-mail: [email protected]
> 
> > Elliotte Rusty Harold <[email protected]> wrote on 07/25/2014 02:30:10 PM:
> >
> > > Should this property be supported by all configurations or just by
> > > the SecureProcessingConfiguration?
> > >
> >
> > > On Wed, Jul 9, 2014 at 10:46 AM, Michael Glavassevich <[email protected]> wrote:
> > > Elliotte Rusty Harold <[email protected]> wrote on 07/08/2014 04:08:58 PM:
> > >
> > > > From: Elliotte Rusty Harold <[email protected]>
> > > > To: [email protected],
> > > > Date: 07/08/2014 04:09 PM
> > > > Subject: Re: totalEntitySizeLimit
> > > >
> > > > What name will be used?
> >
> > > Following naming conventions of Xerces' other properties it would probably
> > > be something like:
> > > http://apache.org/xml/properties/total-entity-size-limit. Still TBD.
> > >
> > > > Any plans for when the next release is likely to drop?
> >
> > > There's no date yet. Any discussion about that would happen on this
> > > mailing list. We know we're long overdue though.
> > >
> > > > On Tue, Jul 8, 2014 at 1:11 PM, Michael Glavassevich <[email protected]> wrote:
> > > > There's been some work on the trunk for supporting similar function but it
> > > > won't be exposed with that Oracle property name.
> > > >
> > > > Michael Glavassevich
> > > > XML Technologies and WAS Development
> > > > IBM Toronto Lab
> > > > E-mail: [email protected]
> > > >
> > > > Elliotte Rusty Harold <[email protected]> wrote on 07/08/2014 12:30:07 PM:
> > > >
> > > > > Is there any plan to implement the
> > > > > http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
> > > > > property or equivalent in trunk Xerces?
> > > > >
> > > > > It is supported for a few months now in the patched Xerces shipped
> > > > > with the JDK 7.
> > > > >
> > > > > --
> > > > > Elliotte Rusty Harold
> > > > > [email protected]
> > > >
> > > >
> > > >
> > > > --
> > > > Elliotte Rusty Harold
> > > > [email protected]
> >
> > > Thanks.
> > >
> > > Michael Glavassevich
> > > XML Technologies and WAS Development
> > > IBM Toronto Lab
> > > E-mail: [email protected]
> > >
> >
> >
> > >
> >
> > >
> > > --
> > > Elliotte Rusty Harold
> > > [email protected]
> >
> >
> 
> >
> 
> >
> > --
> > Elliotte Rusty Harold
> > [email protected]
>
> -- 
> Elliotte Rusty Harold
> [email protected] 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
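
An added example, not part of the original thread and not Xerces code: it shows the kind of limit discussed above using the JDK's bundled JAXP parser and the Oracle property named at the start of the thread, since the Xerces property name was still TBD. The class name, sample document and limit values are constructed for illustration, and it assumes a JDK that accepts this legacy property name.

```java
import java.io.StringReader;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class TotalEntitySizeLimitDemo {
    // JDK (JAXP) property named in the thread; the Xerces trunk name was still TBD.
    static final String TOTAL_ENTITY_SIZE_LIMIT =
            "http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit";

    // Constructed sample: one 2,000-character internal entity referenced three times.
    static String sampleDocument() {
        StringBuilder value = new StringBuilder();
        for (int i = 0; i < 2000; i++) {
            value.append('a');
        }
        return "<?xml version=\"1.0\"?>\n"
             + "<!DOCTYPE root [ <!ENTITY e \"" + value + "\"> ]>\n"
             + "<root>&e;&e;&e;</root>";
    }

    // Returns null if the document parses, otherwise the parser's error message.
    static String parseWithLimit(String xml, String limit) throws Exception {
        // Assumption: no other JAXP implementation is on the classpath, so this
        // resolves to the parser bundled with the JDK.
        SAXParser parser = SAXParserFactory.newInstance().newSAXParser();
        // Per-parser limit; it applies to this parser instance only.
        parser.setProperty(TOTAL_ENTITY_SIZE_LIMIT, limit);
        try {
            parser.parse(new InputSource(new StringReader(xml)), new DefaultHandler());
            return null;
        } catch (SAXParseException e) {
            // DefaultHandler rethrows fatal errors, including limit violations.
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String xml = sampleDocument();
        // Limit above the document's total entity size: expected to parse.
        System.out.println("limit 100000: " + parseWithLimit(xml, "100000"));
        // Limit below the size of a single expansion: expected to be rejected.
        System.out.println("limit 1000:   " + parseWithLimit(xml, "1000"));
    }
}
```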
