src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java
Print this page
@@ -18,22 +18,10 @@
* limitations under the License.
*/
package com.sun.org.apache.xerces.internal.dom;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Vector;
-
-import com.sun.org.apache.xerces.internal.util.PropertyState;
-import com.sun.org.apache.xerces.internal.util.Status;
-import org.w3c.dom.DOMConfiguration;
-import org.w3c.dom.DOMErrorHandler;
-import org.w3c.dom.DOMStringList;
-
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.impl.XMLEntityManager;
import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
import com.sun.org.apache.xerces.internal.impl.dv.DTDDVFactory;
import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
@@ -40,11 +28,14 @@
import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
import com.sun.org.apache.xerces.internal.util.DOMEntityResolverWrapper;
import com.sun.org.apache.xerces.internal.util.DOMErrorHandlerWrapper;
import com.sun.org.apache.xerces.internal.util.MessageFormatter;
import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
+import com.sun.org.apache.xerces.internal.util.PropertyState;
import com.sun.org.apache.xerces.internal.util.SymbolTable;
+import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
import com.sun.org.apache.xerces.internal.xni.XNIException;
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
@@ -53,16 +44,23 @@
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
import com.sun.org.apache.xerces.internal.xni.parser.XMLEntityResolver;
import com.sun.org.apache.xerces.internal.xni.parser.XMLErrorHandler;
import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
-import com.sun.org.apache.xerces.internal.utils.ObjectFactory;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Vector;
+import javax.xml.XMLConstants;
+import org.w3c.dom.DOMConfiguration;
+import org.w3c.dom.DOMErrorHandler;
import org.w3c.dom.DOMException;
+import org.w3c.dom.DOMStringList;
import org.w3c.dom.ls.LSResourceResolver;
-
/**
* Xerces implementation of DOMConfiguration that maintains a table of recognized parameters.
*
* @xerces.internal
*
@@ -156,10 +154,18 @@
/** Property identifier: Schema DV Factory */
protected static final String SCHEMA_DV_FACTORY =
Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY;
+ /** Property identifier: access to external dtd */
+ protected static final String ACCESS_EXTERNAL_DTD =
+ XMLConstants.ACCESS_EXTERNAL_DTD;
+
+ /** Property identifier: access to external schema */
+ protected static final String ACCESS_EXTERNAL_SCHEMA =
+ XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
//
// Data
//
XMLDocumentHandler fDocumentHandler;
@@ -274,11 +280,13 @@
VALIDATION_MANAGER,
GRAMMAR_POOL,
JAXP_SCHEMA_SOURCE,
JAXP_SCHEMA_LANGUAGE,
DTD_VALIDATOR_FACTORY_PROPERTY,
- SCHEMA_DV_FACTORY
+ SCHEMA_DV_FACTORY,
+ ACCESS_EXTERNAL_DTD,
+ ACCESS_EXTERNAL_SCHEMA
};
addRecognizedProperties(recognizedProperties);
// set default values for normalization features
features |= NAMESPACES;
@@ -308,11 +316,19 @@
addComponent(manager);
fValidationManager = createValidationManager();
setProperty(VALIDATION_MANAGER, fValidationManager);
+ //For DOM, the secure feature is set to true by default
+ String accessExternal = SecuritySupport.getDefaultAccessProperty(
+ Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
+ setProperty(ACCESS_EXTERNAL_DTD, accessExternal);
+ accessExternal = SecuritySupport.getDefaultAccessProperty(
+ Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
+ setProperty(ACCESS_EXTERNAL_SCHEMA, accessExternal);
+
// add message formatters
if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) {
XMLMessageFormatter xmft = new XMLMessageFormatter();
fErrorReporter.putMessageFormatter(XMLMessageFormatter.XML_DOMAIN, xmft);
fErrorReporter.putMessageFormatter(XMLMessageFormatter.XMLNS_DOMAIN, xmft);