src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java
Print this page
@@ -50,11 +50,14 @@
import com.sun.org.apache.xerces.internal.xni.Augmentations;
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler;
import com.sun.org.apache.xerces.internal.util.SecurityManager;
import com.sun.org.apache.xerces.internal.util.NamespaceSupport;
+import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
+import com.sun.xml.internal.stream.Entity;
+import javax.xml.XMLConstants;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.events.XMLEvent;
/**
*
@@ -157,10 +160,22 @@
/** Property identifier: entity resolver. */
protected static final String ENTITY_RESOLVER =
Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_RESOLVER_PROPERTY;
+ /** Feature identifier: standard uri conformant */
+ protected static final String STANDARD_URI_CONFORMANT =
+ Constants.XERCES_FEATURE_PREFIX +Constants.STANDARD_URI_CONFORMANT_FEATURE;
+
+ /** property identifier: access external dtd. */
+ protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+ /** access external dtd: file protocol
+ * For DOM/SAX, the secure feature is set to true by default
+ */
+ final static String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
+
// recognized features and properties
/** Recognized features. */
private static final String[] RECOGNIZED_FEATURES = {
NAMESPACES,
@@ -182,17 +197,19 @@
/** Recognized properties. */
private static final String[] RECOGNIZED_PROPERTIES = {
SYMBOL_TABLE,
ERROR_REPORTER,
ENTITY_MANAGER,
+ ACCESS_EXTERNAL_DTD
};
/** Property defaults. */
private static final Object[] PROPERTY_DEFAULTS = {
null,
null,
null,
+ EXTERNAL_ACCESS_DEFAULT
};
private static final char [] cdata = {'[','C','D','A','T','A','['};
private static final char [] endTag = {'<','/'};
@@ -295,11 +312,22 @@
protected boolean fReportCdataEvent = false ;
protected boolean fIsCoalesce = false ;
protected String fDeclaredEncoding = null;
/** Xerces Feature: Disallow doctype declaration. */
protected boolean fDisallowDoctype = false;
+ /**
+ * comma-delimited list of protocols that are allowed for the purpose
+ * of accessing external dtd or entity references
+ */
+ protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
+ /**
+ * standard uri conformant (strict uri).
+ * http://apache.org/xml/features/standard-uri-conformant
+ */
+ protected boolean fStrictURI;
+
// drivers
/** Active driver. */
protected Driver fDriver;
@@ -411,21 +439,10 @@
* permitted to completely scan a document if it does
* not support this "pull" scanning model.
*
* @return True if there is more to scan, false otherwise.
*/
- /* public boolean scanDocument(boolean complete)
- throws IOException, XNIException {
-
- // keep dispatching "events"
- fEntityManager.setEntityHandler(this);
-
- return true;
-
- } // scanDocument(boolean):boolean
- */
-
public boolean scanDocument(boolean complete)
throws IOException, XNIException {
// keep dispatching "events"
fEntityManager.setEntityHandler(this);
@@ -577,10 +594,13 @@
//attribute
fReadingAttributes = false;
//xxx: external entities are supported in Xerces
// it would be good to define feature for this case
fSupportExternalEntities = true;
+ fSupportExternalEntities = true;
+ fSupportExternalEntities = true;
+ fSupportExternalEntities = true;
fReplaceEntityReferences = true;
fIsCoalesce = false;
// setup Driver
setScannerState(SCANNER_STATE_CONTENT);
@@ -587,10 +607,13 @@
setDriver(fContentDriver);
fEntityStore = fEntityManager.getEntityStore();
dtdGrammarUtil = null;
+ // JAXP 1.5 features and properties
+ fAccessExternalDTD = (String) componentManager.getProperty(ACCESS_EXTERNAL_DTD, EXTERNAL_ACCESS_DEFAULT);
+ fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT, false);
//fEntityManager.test();
} // reset(XMLComponentManager)
@@ -637,10 +660,13 @@
fEntityStore = fEntityManager.getEntityStore();
//fEntityManager.test();
dtdGrammarUtil = null;
+ // Oracle jdk feature
+ fAccessExternalDTD = (String) propertyManager.getProperty(ACCESS_EXTERNAL_DTD);
+
} // reset(XMLComponentManager)
/**
* Returns a list of feature identifiers that are recognized by
* this component. This method may return null if no features
@@ -733,10 +759,18 @@
fEntityManager = (XMLEntityManager)value;
}
return;
}
+ //JAXP 1.5 properties
+ if (propertyId.startsWith(Constants.JAXPAPI_PROPERTY_PREFIX)) {
+ if (propertyId.equals(ACCESS_EXTERNAL_DTD))
+ {
+ fAccessExternalDTD = (String)value;
+ }
+ }
+
} // setProperty(String,Object)
/**
* Returns the default state for a feature, or null if this
* component does not want to report a default value for this
@@ -1844,11 +1878,12 @@
}
//1. if the entity is external and support to external entities is not required
// 2. or entities should not be replaced
//3. or if it is built in entity reference.
- if((fEntityStore.isExternalEntity(name) && !fSupportExternalEntities) || (!fEntityStore.isExternalEntity(name) && !fReplaceEntityReferences) || foundBuiltInRefs){
+ boolean isEE = fEntityStore.isExternalEntity(name);
+ if((isEE && !fSupportExternalEntities) || (!isEE && !fReplaceEntityReferences) || foundBuiltInRefs){
fScannerState = SCANNER_STATE_REFERENCE;
return ;
}
// start general entity
if (!fEntityStore.isDeclaredEntity(name)) {
@@ -1994,10 +2029,16 @@
}
return "null";
} // getDriverName():String
+ String checkAccess(String systemId, String allowedProtocols) throws IOException {
+ String baseSystemId = fEntityScanner.getBaseSystemId();
+ String expandedSystemId = fEntityManager.expandSystemId(systemId, baseSystemId,fStrictURI);
+ return SecuritySupport.checkAccess(expandedSystemId, allowedProtocols, Constants.ACCESS_EXTERNAL_ALL);
+ }
+
//
// Classes
//
/**