From 355d8e3324688e9b68660512bf79710ce4df057b Mon Sep 17 00:00:00 2001
From: tkellner <tkellner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Mon, 2 Apr 2012 16:38:40 +0000
Subject: Set secure processing feature on XALAN Transformers

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1034 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java  | 2 ++
 .../src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java      | 1 +
 2 files changed, 3 insertions(+)

(limited to 'bkucommon')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index fb41c7fb..3e5d6df2 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -48,6 +48,7 @@ import java.util.Map;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLHandshakeException;
 import javax.net.ssl.SSLSocketFactory;
+import javax.xml.XMLConstants;
 import javax.xml.transform.Templates;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
@@ -825,6 +826,7 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
 		}
 		try {
 			TransformerFactory factory = TransformerFactory.newInstance();
+			factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 			factory.setURIResolver(new URIResolverAdapter(urlDereferencer));
 			StreamData sd = urlDereferencer.dereference(styleSheetURL);
 			return factory.newTemplates(new StreamSource(sd.getStream()));
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java
index d4efddfc..4df529da 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/SLResultImpl.java
@@ -204,6 +204,7 @@ public abstract class SLResultImpl implements SLResult {
     if (templates == null) {
       try {
         TransformerFactory transformerFactory = TransformerFactory.newInstance();
+        transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
         Transformer transformer = transformerFactory.newTransformer();
         if (fragment) {
           transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
-- 
cgit v1.2.3