author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-01 13:34:52 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-01 13:34:52 +0200 |
commit | b9dbd4eed6cb0615a883de2e871e849fb32f1258 (patch) | |
tree | 04039923afae7631385640a2d564168bc3071846 /common/src/main/java/at/gv/egovernment/moa | |
parent | 4645963011550f50dd1a40186d5896b468f010d1 (diff) | |
update Axis to axis-1.0_IAIK_1.1.jar
- solve problems with possible XML External Entity (XXE) attacks
- DocType Declarations are not allowed in axis-1.0_IAIK_1.1.jar
Diffstat (limited to 'common/src/main/java/at/gv/egovernment/moa')
-rw-r--r-- | common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 102d3a31f..2b816ed4c 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -115,6 +115,8 @@ public class DOMUtils {
 private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
 "http://xml.org/sax/features/external-parameter-entities";
+ private static final String DISALLOW_DOCTYPE_FEATURE =
+ "http://apache.org/xml/features/disallow-doctype-decl";
@@ -514,6 +516,9 @@ public class DOMUtils {
 parser.setFeature(NAMESPACES_FEATURE, true);
 parser.setFeature(VALIDATION_FEATURE, true);
 parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
+ parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+ parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
+
 if (externalSchemaLocations != null) {
 parser.setProperty( |
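Review bot: In the second hunk, the new `setFeature` calls turn off external general entities and reject DOCTYPE declarations, but `EXTERNAL_PARAMETER_ENTITIES_FEATURE`, whose constant is visible as context in the first hunk, is not disabled in the lines shown; I would add `parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);` beside the general-entities line. While the DOCTYPE ban is in force this is defence in depth only, but it keeps the parser safe if that ban is ever relaxed; the enclosing method starts and ends outside the hunk, so the feature may already be set there. A one-line comment above the block, such as `// XXE hardening: reject DOCTYPE, never resolve external entities`, would record why documents carrying a DOCTYPE now fail to parse. Because schema validation stays enabled, it is also worth confirming that schema locations are resolved only from `externalSchemaLocations` or a restricting entity resolver, since these two features do not appear to cover `xsi:schemaLocation` hints in the input. Only this one parser set-up is touched by the diff, so any other parser configured in `DOMUtils` (not visible here) would need the same features.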