> This is likely the protection against reading anything outside the > webapp root (see the "allowLinking" of FileDirContext), although I don't > know how the digester will try to load the included file.
Digester code is derived from XmlMapper which is able to locate entities in ../../../ directories. My concern here is : Specs didn't mentions restriction on use of external entities outside the webapp. So it should be granted by default isn't it ? I take a look at FileDirContext but I didn't understand what allowLinking is ? So my question is : bug or feature ? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
