diff options
author | tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2012-04-02 16:38:40 +0000 |
---|---|---|
committer | tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2012-04-02 16:38:40 +0000 |
commit | 355d8e3324688e9b68660512bf79710ce4df057b (patch) | |
tree | 86557d316194133689ec14c8fb7af04363011dc6 | |
parent | d67075dcf3790ed6858987c4100fcda2e5a097a5 (diff) | |
download | mocca-355d8e3324688e9b68660512bf79710ce4df057b.tar.gz mocca-355d8e3324688e9b68660512bf79710ce4df057b.tar.bz2 mocca-355d8e3324688e9b68660512bf79710ce4df057b.zip |
Set secure processing feature on XALAN Transformers
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1034 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
-rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java | 2 | ||||
-rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java index fb41c7fb..3e5d6df2 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java @@ -48,6 +48,7 @@ import java.util.Map; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSocketFactory; +import javax.xml.XMLConstants; import javax.xml.transform.Templates; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerException; @@ -825,6 +826,7 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement } try { TransformerFactory factory = TransformerFactory.newInstance(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setURIResolver(new URIResolverAdapter(urlDereferencer)); StreamData sd = urlDereferencer.dereference(styleSheetURL); return factory.newTemplates(new StreamSource(sd.getStream())); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java index d4efddfc..4df529da 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java @@ -204,6 +204,7 @@ public abstract class SLResultImpl implements SLResult { if (templates == null) { try { TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); Transformer transformer = transformerFactory.newTransformer(); if (fragment) { transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); |