BATIK-1349: Block loading external resource by default git-svn-id: https://svn.apache.org/repos/asf/xmlgraphics/batik/trunk@1905050 13f79535-47bb-0310-9956-ffa450edef68

commit: aaa1dd3e6b5a7df781d73e0c37a1df6a8f318893 [log] [tgz]
author: Simon Steiner <ssteiner@apache.org> Thu Nov 03 16:01:27 2022 +0000
committer: Simon Steiner <ssteiner@apache.org> Thu Nov 03 16:01:27 2022 +0000
tree: b8c0076f5c65e550f11228d0eabb7aeed837c86c
parent: 85b3457d9902f64d5d409a8da060d5ba47d0b69b [diff]
diff --git a/batik-bridge/src/main/java/org/apache/batik/bridge/UserAgentAdapter.java b/batik-bridge/src/main/java/org/apache/batik/bridge/UserAgentAdapter.java
index d163acf..7c415dd 100644
--- a/batik-bridge/src/main/java/org/apache/batik/bridge/UserAgentAdapter.java
+++ b/batik-bridge/src/main/java/org/apache/batik/bridge/UserAgentAdapter.java

@@ -362,7 +362,7 @@
     public ExternalResourceSecurity 
         getExternalResourceSecurity(ParsedURL resourceURL,
                                     ParsedURL docURL) {
-        return new RelaxedExternalResourceSecurity(resourceURL, docURL);
+        return new DefaultExternalResourceSecurity(resourceURL, docURL);
     }
     
     /**

diff --git a/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java b/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java
index bc4d233..98cfc10 100644
--- a/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java
+++ b/batik-transcoder/src/main/java/org/apache/batik/transcoder/SVGAbstractTranscoder.java

@@ -32,11 +32,11 @@
 import org.apache.batik.bridge.BaseScriptingEnvironment;
 import org.apache.batik.bridge.BridgeContext;
 import org.apache.batik.bridge.BridgeException;
-import org.apache.batik.bridge.DefaultExternalResourceSecurity;
 import org.apache.batik.bridge.DefaultScriptSecurity;
 import org.apache.batik.bridge.ExternalResourceSecurity;
 import org.apache.batik.bridge.GVTBuilder;
 import org.apache.batik.bridge.NoLoadScriptSecurity;
+import org.apache.batik.bridge.RelaxedExternalResourceSecurity;
 import org.apache.batik.bridge.RelaxedScriptSecurity;
 import org.apache.batik.bridge.SVGUtilities;
 import org.apache.batik.bridge.ScriptSecurity;
@@ -1116,9 +1116,9 @@
 
         public ExternalResourceSecurity getExternalResourceSecurity(ParsedURL resourceURL, ParsedURL docURL) {
             if (isAllowExternalResources()) {
-                return super.getExternalResourceSecurity(resourceURL, docURL);
+                return new RelaxedExternalResourceSecurity(resourceURL, docURL);
             }
-            return new DefaultExternalResourceSecurity(resourceURL, docURL);
+            return super.getExternalResourceSecurity(resourceURL, docURL);
         }
 
         public boolean isAllowExternalResources() {
commit	aaa1dd3e6b5a7df781d73e0c37a1df6a8f318893	[log] [tgz]
author	Simon Steiner <ssteiner@apache.org>	Thu Nov 03 16:01:27 2022 +0000
committer	Simon Steiner <ssteiner@apache.org>	Thu Nov 03 16:01:27 2022 +0000
tree	b8c0076f5c65e550f11228d0eabb7aeed837c86c
parent	85b3457d9902f64d5d409a8da060d5ba47d0b69b [diff]