Hi,
I've read the following article describing the so called XML bomb:
http://searchsoftwarequality.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid92_gci1168442,00.html?asrc=SS_CLA_302558psrc=CLT_92
Now I'm asking myself if my XMLBeans based code is vulnerable. After
writing a simple
if u explcitily deprecate DTD and use schema, you will be fine...
- Original Message -
From: Christian Möller [EMAIL PROTECTED]
To: user@xmlbeans.apache.org
Sent: Tuesday, December 02, 2008 4:31 AM
Subject: Question regarding suggested way to prevent XML bomb
Hi,
I've read the
Yes, the question is how to disable DTDs. I have looked a bit through Piccolo's
source code and haven't found a way. If anyone knows of how to do it for a
particular parser and could post the info, that would be great. Then,
Christian, you can use that particular parser with XMLBeans and you
Hi. I'm at a bit of a loss for the problem I'm currently facing. I
currently have a project that uses the xmlbeans ant task to generate classes
based on a supplied XSD. In my ant version I use XMLBeans 2.3.0. I'm in
the process of converting this project over the maven, and as such I'm using
As far as I remember the getFooList() methods are generated for
generic accessors. This in done via the scomp tool with:
-javasource [version] - generate java source compatible for a Java version (
1.4 or 1.5)
It looks like one of your tools' usages is settings this value while
the other is
Thank you Jacob, that was exactly it. Specifying a javaSource of 1.5 for
the maven plugin caused the correct getter to appear.
-Jim
On Tue, Dec 2, 2008 at 4:10 PM, Jacob Danner [EMAIL PROTECTED] wrote:
As far as I remember the getFooList() methods are generated for
generic accessors. This in
6 matches
Mail list logo