diff options
-rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java | 2 | ||||
-rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java index fb41c7fb..3e5d6df2 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java @@ -48,6 +48,7 @@ import java.util.Map; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSocketFactory; +import javax.xml.XMLConstants; import javax.xml.transform.Templates; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerException; @@ -825,6 +826,7 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement } try { TransformerFactory factory = TransformerFactory.newInstance(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setURIResolver(new URIResolverAdapter(urlDereferencer)); StreamData sd = urlDereferencer.dereference(styleSheetURL); return factory.newTemplates(new StreamSource(sd.getStream())); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java index d4efddfc..4df529da 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java @@ -204,6 +204,7 @@ public abstract class SLResultImpl implements SLResult { if (templates == null) { try { TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); Transformer transformer = transformerFactory.newTransformer(); if (fragment) { transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); |