aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Steiner <ssteiner@apache.org>2016-11-16 12:33:32 +0000
committerSimon Steiner <ssteiner@apache.org>2016-11-16 12:33:32 +0000
commit6e63f99fb2fc07f9a9690ce14e8f99cb045b6d4a (patch)
treef405cd78d0ad829d92cc181db82e94b9ea51a41e
parentd38a721c3023236a70828b28f0df12d0293632d4 (diff)
downloadxmlgraphics-fop-6e63f99fb2fc07f9a9690ce14e8f99cb045b6d4a.tar.gz
xmlgraphics-fop-6e63f99fb2fc07f9a9690ce14e8f99cb045b6d4a.zip
FOP-2668: Dont load DTDs
git-svn-id: https://svn.apache.org/repos/asf/xmlgraphics/fop/trunk@1769967 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--fop-core/src/main/java/org/apache/fop/cli/InputHandler.java1
-rw-r--r--fop-core/src/main/java/org/apache/fop/servlet/FopServlet.java3
2 files changed, 4 insertions, 0 deletions
diff --git a/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java b/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java
index 5b9d2fd77..29d1c0c11 100644
--- a/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java
+++ b/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java
@@ -244,6 +244,7 @@ public class InputHandler implements ErrorListener, Renderable {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature("http://xml.org/sax/features/namespaces", true);
spf.setFeature("http://apache.org/xml/features/xinclude", true);
+ spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
XMLReader xr = spf.newSAXParser().getXMLReader();
return xr;
}
diff --git a/fop-core/src/main/java/org/apache/fop/servlet/FopServlet.java b/fop-core/src/main/java/org/apache/fop/servlet/FopServlet.java
index f06486c2b..0250415f2 100644
--- a/fop-core/src/main/java/org/apache/fop/servlet/FopServlet.java
+++ b/fop-core/src/main/java/org/apache/fop/servlet/FopServlet.java
@@ -30,6 +30,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.XMLConstants;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
@@ -96,6 +97,8 @@ public class FopServlet extends HttpServlet {
public void init() throws ServletException {
this.uriResolver = new ServletContextURIResolver(getServletContext());
this.transFactory = TransformerFactory.newInstance();
+ transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
this.transFactory.setURIResolver(this.uriResolver);
//Configure FopFactory as desired
// TODO: Double check this behaves properly!!