diff options
author | Simon Steiner <ssteiner@apache.org> | 2016-11-16 12:33:32 +0000 |
---|---|---|
committer | Simon Steiner <ssteiner@apache.org> | 2016-11-16 12:33:32 +0000 |
commit | 6e63f99fb2fc07f9a9690ce14e8f99cb045b6d4a (patch) | |
tree | f405cd78d0ad829d92cc181db82e94b9ea51a41e | |
parent | d38a721c3023236a70828b28f0df12d0293632d4 (diff) | |
download | xmlgraphics-fop-6e63f99fb2fc07f9a9690ce14e8f99cb045b6d4a.tar.gz xmlgraphics-fop-6e63f99fb2fc07f9a9690ce14e8f99cb045b6d4a.zip |
FOP-2668: Dont load DTDs
git-svn-id: https://svn.apache.org/repos/asf/xmlgraphics/fop/trunk@1769967 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | fop-core/src/main/java/org/apache/fop/cli/InputHandler.java | 1 | ||||
-rw-r--r-- | fop-core/src/main/java/org/apache/fop/servlet/FopServlet.java | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java b/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java index 5b9d2fd77..29d1c0c11 100644 --- a/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java +++ b/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java @@ -244,6 +244,7 @@ public class InputHandler implements ErrorListener, Renderable { SAXParserFactory spf = SAXParserFactory.newInstance(); spf.setFeature("http://xml.org/sax/features/namespaces", true); spf.setFeature("http://apache.org/xml/features/xinclude", true); + spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); XMLReader xr = spf.newSAXParser().getXMLReader(); return xr; } diff --git a/fop-core/src/main/java/org/apache/fop/servlet/FopServlet.java b/fop-core/src/main/java/org/apache/fop/servlet/FopServlet.java index f06486c2b..0250415f2 100644 --- a/fop-core/src/main/java/org/apache/fop/servlet/FopServlet.java +++ b/fop-core/src/main/java/org/apache/fop/servlet/FopServlet.java @@ -30,6 +30,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.XMLConstants; import javax.xml.transform.Result; import javax.xml.transform.Source; import javax.xml.transform.Transformer; @@ -96,6 +97,8 @@ public class FopServlet extends HttpServlet { public void init() throws ServletException { this.uriResolver = new ServletContextURIResolver(getServletContext()); this.transFactory = TransformerFactory.newInstance(); + transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); this.transFactory.setURIResolver(this.uriResolver); //Configure FopFactory as desired // TODO: Double check this behaves properly!! |