jaxp Udiff src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java

src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java

@@ -23,17 +23,18 @@
  * questions.
  */
 
 package com.sun.org.apache.xerces.internal.impl;
 
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
+import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
 import java.util.HashMap;
+import javax.xml.XMLConstants;
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLOutputFactory;
 import javax.xml.stream.XMLResolver;
 
-import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
-
 /**
  *  This class manages different properties related to Stax specification and its implementation.
  * This class constructor also takes itself (PropertyManager object) as parameter and initializes the
  * object with the property taken from the object passed.
  *

@@ -49,10 +50,16 @@
     public static final String STAX_ENTITIES = "javax.xml.stream.entities";
 
     private static final String STRING_INTERNING = "http://xml.org/sax/features/string-interning";
 
 
+    /** Property identifier: access to external dtd */
+    protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+    /** Property identifier: access to external schema  */
+    protected static final String ACCESS_EXTERNAL_SCHEMA = XMLConstants.ACCESS_EXTERNAL_SCHEMA;
+
     HashMap supportedProps = new HashMap();
 
     public static final int CONTEXT_READER = 1;
     public static final int CONTEXT_WRITER = 2;

@@ -115,10 +122,19 @@
         supportedProps.put(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.STAX_REPORT_CDATA_EVENT , new Boolean(false));
         supportedProps.put(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.IGNORE_EXTERNAL_DTD, Boolean.FALSE);
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ATTDEF_FEATURE, new Boolean(false));
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE, new Boolean(false));
         supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_UNDECLARED_ELEMDEF_FEATURE, new Boolean(false));
+
+        //For DOM/SAX, the secure feature is set to true by default
+        String accessExternal =  SecuritySupport.getDefaultAccessProperty(
+                Constants.SP_ACCESS_EXTERNAL_DTD, Constants.EXTERNAL_ACCESS_DEFAULT);
+        supportedProps.put(ACCESS_EXTERNAL_DTD, accessExternal);        
+        
+        accessExternal =  SecuritySupport.getDefaultAccessProperty(
+                Constants.SP_ACCESS_EXTERNAL_SCHEMA, Constants.EXTERNAL_ACCESS_DEFAULT);
+        supportedProps.put(ACCESS_EXTERNAL_SCHEMA, accessExternal);
     }
 
     private void initWriterProps(){
         supportedProps.put(XMLOutputFactory.IS_REPAIRING_NAMESPACES , Boolean.FALSE);
         //default value of escaping characters is 'true'