commit | 6f7d6565cf576fb19b67134244a34c61624c37d2 | [log] [tgz] |
---|---|---|
author | Colm O hEigeartaigh <coheigea@apache.org> | Wed Jun 03 11:22:34 2020 +0100 |
committer | Colm O hEigeartaigh <coheigea@apache.org> | Wed Jun 03 11:22:34 2020 +0100 |
tree | 1558a70cccc34e2601f145fd1d21e5ccc8a5a010 | |
parent | 0037980aa3c71518140063c23020d1f0a0355140 [diff] |
Disallow DocTypes in XML files
diff --git a/xml2fastinfoset-plugin/src/main/java/org/apache/cxf/maven_plugin/xml2fastinfoset/XML2FastInfosetCompilerMojo.java b/xml2fastinfoset-plugin/src/main/java/org/apache/cxf/maven_plugin/xml2fastinfoset/XML2FastInfosetCompilerMojo.java index 75b4bf2..5398e2b 100644 --- a/xml2fastinfoset-plugin/src/main/java/org/apache/cxf/maven_plugin/xml2fastinfoset/XML2FastInfosetCompilerMojo.java +++ b/xml2fastinfoset-plugin/src/main/java/org/apache/cxf/maven_plugin/xml2fastinfoset/XML2FastInfosetCompilerMojo.java
@@ -211,6 +211,7 @@ // Instantiate JAXP SAX parser factory SAXParserFactory saxParserFactory = SAXParserFactory.newInstance(); saxParserFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + saxParserFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); /* * Set parser to be namespace aware Very important to do otherwise * invalid FI documents will be created by the SAXDocumentSerializer