aboutsummaryrefslogtreecommitdiffstats
path: root/fop-core/src
diff options
context:
space:
mode:
authorSimon Steiner <ssteiner@apache.org>2024-03-05 11:28:18 +0000
committerSimon Steiner <ssteiner@apache.org>2024-03-05 11:28:18 +0000
commitd96ba9a11710d02716b6f4f6107ebfa9ccec7134 (patch)
treeeb8aad874ccea03ea1616e47975538c964627b81 /fop-core/src
parentcb26fed42b675c576d8f4b69827a32a25e36c5bb (diff)
downloadxmlgraphics-fop-d96ba9a11710d02716b6f4f6107ebfa9ccec7134.tar.gz
xmlgraphics-fop-d96ba9a11710d02716b6f4f6107ebfa9ccec7134.zip
FOP-3168: Add secure processing for XSL input
Diffstat (limited to 'fop-core/src')
-rw-r--r--fop-core/src/main/java/org/apache/fop/cli/InputHandler.java2
1 files changed, 2 insertions, 0 deletions
diff --git a/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java b/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java
index 6d99bbe40..fb72762e9 100644
--- a/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java
+++ b/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java
@@ -26,6 +26,7 @@ import java.io.OutputStream;
import java.lang.reflect.InvocationTargetException;
import java.util.Vector;
+import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.ErrorListener;
@@ -265,6 +266,7 @@ public class InputHandler implements ErrorListener, Renderable {
try {
// Setup XSLT
TransformerFactory factory = TransformerFactory.newInstance();
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer;
Source xsltSource = createXSLTSource();