BATIK-1349: Block loading external resource by default

git-svn-id: https://svn.apache.org/repos/asf/xmlgraphics/batik/trunk@1905049 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java b/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
index 8279a9a..dc4e9d0 100644
--- a/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
+++ b/batik-bridge/src/main/java/org/apache/batik/bridge/DefaultExternalResourceSecurity.java
@@ -77,6 +77,9 @@
                                            ParsedURL docURL){
         // Make sure that the archives comes from the same host
         // as the document itself
+        if (DATA_PROTOCOL.equals(externalResourceURL.getProtocol())) {
+            return;
+        }
         if (docURL == null) {
             se = new SecurityException
                 (Messages.formatMessage(ERROR_CANNOT_ACCESS_DOCUMENT_URL,
diff --git a/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/Main.java b/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/Main.java
index a42f3e3..bbf4927 100644
--- a/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/Main.java
+++ b/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/Main.java
@@ -501,11 +501,11 @@
     public static String CL_OPTION_CONSTRAIN_SCRIPT_ORIGIN_DESCRIPTION
         = Messages.get("Main.cl.option.constrain.script.origin.description", "No description");
 
-    public static String CL_OPTION_BLOCK_EXTERNAL_RESOURCES
-            = Messages.get("Main.cl.option.block.external.resources", "-blockExternalResources");
+    public static String CL_OPTION_ALLOW_EXTERNAL_RESOURCES
+            = Messages.get("Main.cl.option.allow.external.resources", "-allowExternalResources");
 
-    public static String CL_OPTION_BLOCK_EXTERNAL_RESOURCES_DESCRIPTION
-            = Messages.get("Main.cl.option.block.external.resources.description", "No description");
+    public static String CL_OPTION_ALLOW_EXTERNAL_RESOURCES_DESCRIPTION
+            = Messages.get("Main.cl.option.allow.external.resources.description", "No description");
 
     /**
      * Option to turn off secure execution of scripts
@@ -836,14 +836,14 @@
                           }
                       });
 
-        optionMap.put(CL_OPTION_BLOCK_EXTERNAL_RESOURCES,
+        optionMap.put(CL_OPTION_ALLOW_EXTERNAL_RESOURCES,
                 new NoValueOptionHandler(){
                     public void handleOption(SVGConverter c){
-                        c.allowExternalResources = false;
+                        c.allowExternalResources = true;
                     }
 
                     public String getOptionDescription(){
-                        return CL_OPTION_BLOCK_EXTERNAL_RESOURCES_DESCRIPTION;
+                        return CL_OPTION_ALLOW_EXTERNAL_RESOURCES_DESCRIPTION;
                     }
                 });
     }
diff --git a/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/SVGConverter.java b/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/SVGConverter.java
index 9ec2135..f2b1059 100644
--- a/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/SVGConverter.java
+++ b/batik-svgrasterizer/src/main/java/org/apache/batik/apps/rasterizer/SVGConverter.java
@@ -253,7 +253,7 @@
         the document which references them. */
     protected boolean constrainScriptOrigin = true;
 
-    protected boolean allowExternalResources = true;
+    protected boolean allowExternalResources;
 
     /** Controls whether scripts should be run securely or not */
     protected boolean securityOff = false;
@@ -927,8 +927,8 @@
             map.put(ImageTranscoder.KEY_CONSTRAIN_SCRIPT_ORIGIN, Boolean.FALSE);
         }
 
-        if (!allowExternalResources) {
-            map.put(ImageTranscoder.KEY_ALLOW_EXTERNAL_RESOURCES, Boolean.FALSE);
+        if (allowExternalResources) {
+            map.put(ImageTranscoder.KEY_ALLOW_EXTERNAL_RESOURCES, Boolean.TRUE);
         }
 
         return map;
diff --git a/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java b/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java
index 8d6ffe3..bc4d233 100644
--- a/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java
+++ b/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java
@@ -32,11 +32,11 @@
 import org.apache.batik.bridge.BaseScriptingEnvironment;
 import org.apache.batik.bridge.BridgeContext;
 import org.apache.batik.bridge.BridgeException;
+import org.apache.batik.bridge.DefaultExternalResourceSecurity;
 import org.apache.batik.bridge.DefaultScriptSecurity;
 import org.apache.batik.bridge.ExternalResourceSecurity;
 import org.apache.batik.bridge.GVTBuilder;
 import org.apache.batik.bridge.NoLoadScriptSecurity;
-import org.apache.batik.bridge.NoLoadExternalResourceSecurity;
 import org.apache.batik.bridge.RelaxedScriptSecurity;
 import org.apache.batik.bridge.SVGUtilities;
 import org.apache.batik.bridge.ScriptSecurity;
@@ -1118,7 +1118,7 @@
             if (isAllowExternalResources()) {
                 return super.getExternalResourceSecurity(resourceURL, docURL);
             }
-            return new NoLoadExternalResourceSecurity();
+            return new DefaultExternalResourceSecurity(resourceURL, docURL);
         }
 
         public boolean isAllowExternalResources() {
@@ -1126,7 +1126,7 @@
             if (b != null) {
                 return b;
             }
-            return true;
+            return false;
         }
     }
 }