aboutsummaryrefslogtreecommitdiff
path: root/common/src/main/java/at/gv/egovernment/moa
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-04-01 13:34:52 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-04-01 13:34:52 +0200
commitb9dbd4eed6cb0615a883de2e871e849fb32f1258 (patch)
tree04039923afae7631385640a2d564168bc3071846 /common/src/main/java/at/gv/egovernment/moa
parent4645963011550f50dd1a40186d5896b468f010d1 (diff)
downloadmoa-id-spss-b9dbd4eed6cb0615a883de2e871e849fb32f1258.tar.gz
moa-id-spss-b9dbd4eed6cb0615a883de2e871e849fb32f1258.tar.bz2
moa-id-spss-b9dbd4eed6cb0615a883de2e871e849fb32f1258.zip
update Axis to axis-1.0_IAIK_1.1.jar
- solve problems with possible XML External Entity (XXE) attacks - DocType Declarations are not allowed in axis-1.0_IAIK_1.1.jar
Diffstat (limited to 'common/src/main/java/at/gv/egovernment/moa')
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java5
1 files changed, 5 insertions, 0 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 102d3a31f..2b816ed4c 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -115,6 +115,8 @@ public class DOMUtils {
private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
"http://xml.org/sax/features/external-parameter-entities";
+ private static final String DISALLOW_DOCTYPE_FEATURE =
+ "http://apache.org/xml/features/disallow-doctype-decl";
@@ -514,6 +516,9 @@ public class DOMUtils {
parser.setFeature(NAMESPACES_FEATURE, true);
parser.setFeature(VALIDATION_FEATURE, true);
parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
+ parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+ parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
+
if (externalSchemaLocations != null) {
parser.setProperty(