diff options
author | Simon Steiner <ssteiner@apache.org> | 2024-03-05 11:28:18 +0000 |
---|---|---|
committer | Simon Steiner <ssteiner@apache.org> | 2024-03-05 11:28:18 +0000 |
commit | d96ba9a11710d02716b6f4f6107ebfa9ccec7134 (patch) | |
tree | eb8aad874ccea03ea1616e47975538c964627b81 /fop-core/src | |
parent | cb26fed42b675c576d8f4b69827a32a25e36c5bb (diff) | |
download | xmlgraphics-fop-d96ba9a11710d02716b6f4f6107ebfa9ccec7134.tar.gz xmlgraphics-fop-d96ba9a11710d02716b6f4f6107ebfa9ccec7134.zip |
FOP-3168: Add secure processing for XSL input
Diffstat (limited to 'fop-core/src')
-rw-r--r-- | fop-core/src/main/java/org/apache/fop/cli/InputHandler.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java b/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java index 6d99bbe40..fb72762e9 100644 --- a/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java +++ b/fop-core/src/main/java/org/apache/fop/cli/InputHandler.java @@ -26,6 +26,7 @@ import java.io.OutputStream; import java.lang.reflect.InvocationTargetException; import java.util.Vector; +import javax.xml.XMLConstants; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParserFactory; import javax.xml.transform.ErrorListener; @@ -265,6 +266,7 @@ public class InputHandler implements ErrorListener, Renderable { try { // Setup XSLT TransformerFactory factory = TransformerFactory.newInstance(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); Transformer transformer; Source xsltSource = createXSLTSource(); |