xmlgraphics-batik-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From thomas.dewe...@kodak.com
Subject Re: disable external references when transcoding
Date Sat, 10 May 2008 16:50:31 GMT
Hi River,

River Tarnell <river@wikimedia.org> wrote on 05/08/2008 07:56:06 PM:

> i'm writing a server process that transcodes user-supplied SVG images
> to PNG.  to do this securely, i need to disable loading of scripts
> and external references.  i see that KEY_ALLOWED_SCRIPT_TYPES can be
> used to disable scripting, but how can i disable other external
> references?

   You can provide a UserAgent to the BridgeContext that 
implements 'getExternalResourceSecurity' and 
'checkLoadExternalResource' so they throw a security
exception appropriately.

   If you are using the current transcoders you can
do this by sublassing the transcoder and overriding the
'createUserAgent' method to return your custom user agent.
View raw message