ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1868861 - /webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
Date Thu, 24 Oct 2019 09:41:48 GMT
Author: coheigea
Date: Thu Oct 24 09:41:48 2019
New Revision: 1868861

URL: http://svn.apache.org/viewvc?rev=1868861&view=rev
Log:
Disallow external DTDs

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java?rev=1868861&r1=1868860&r2=1868861&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
Thu Oct 24 09:41:48 2019
@@ -138,8 +138,16 @@ public final class XMLUtils {
         throws TransformerException {
         DOMSource source = new DOMSource(element);
         StreamResult result = new StreamResult(out);
+
         TransformerFactory transFactory = TransformerFactory.newInstance();
         transFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        try {
+            transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+        } catch (IllegalArgumentException ex) { //NOPMD
+            // ignore
+        }
+
         Transformer transformer = transFactory.newTransformer();
         transformer.transform(source, result);
     }



Mime
View raw message