src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java
Print this page
@@ -24,10 +24,11 @@
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Stack;
import java.util.StringTokenizer;
+import javax.xml.XMLConstants;
import com.sun.org.apache.xerces.internal.impl.Constants;
import com.sun.org.apache.xerces.internal.impl.XMLEntityManager;
import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
import com.sun.org.apache.xerces.internal.impl.io.MalformedByteSequenceException;
@@ -227,10 +228,18 @@
Constants.XERCES_PROPERTY_PREFIX + Constants.BUFFER_SIZE_PROPERTY;
protected static final String PARSER_SETTINGS =
Constants.XERCES_FEATURE_PREFIX + Constants.PARSER_SETTINGS;
+ /** property identifier: access external dtd. */
+ protected static final String ACCESS_EXTERNAL_DTD = XMLConstants.ACCESS_EXTERNAL_DTD;
+
+ /** access external dtd: file protocol
+ * For DOM/SAX, the secure feature is set to true by default
+ */
+ final static String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT;
+
/** Recognized features. */
private static final String[] RECOGNIZED_FEATURES =
{ ALLOW_UE_AND_NOTATION_EVENTS, XINCLUDE_FIXUP_BASE_URIS, XINCLUDE_FIXUP_LANGUAGE };
/** Feature defaults. */
@@ -281,11 +290,17 @@
protected XIncludeNamespaceSupport fNamespaceContext;
protected SymbolTable fSymbolTable;
protected XMLErrorReporter fErrorReporter;
protected XMLEntityResolver fEntityResolver;
protected SecurityManager fSecurityManager;
+ /**
+ * comma-delimited list of protocols that are allowed for the purpose
+ * of accessing external dtd or entity references
+ */
+ protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT;
+
// these are needed for text include processing
protected XIncludeTextReader fXInclude10TextReader;
protected XIncludeTextReader fXInclude11TextReader;
// these are needed for XML Base processing
@@ -521,10 +536,12 @@
}
catch (XMLConfigurationException e) {
fSecurityManager = null;
}
+ fAccessExternalDTD = (String)componentManager.getProperty(ACCESS_EXTERNAL_DTD);
+
// Get buffer size.
try {
Integer value =
(Integer)componentManager.getProperty(
BUFFER_SIZE);
@@ -662,10 +679,18 @@
if (fChildConfig != null) {
fChildConfig.setProperty(propertyId, value);
}
return;
}
+ if (propertyId.equals(ACCESS_EXTERNAL_DTD)) {
+ fAccessExternalDTD = (String)value;
+ if (fChildConfig != null) {
+ fChildConfig.setProperty(propertyId, value);
+ }
+ return;
+ }
+
if (propertyId.equals(BUFFER_SIZE)) {
Integer bufferSize = (Integer) value;
if (fChildConfig != null) {
fChildConfig.setProperty(propertyId, value);
}
@@ -1576,10 +1601,11 @@
// use the same symbol table, error reporter, entity resolver, security manager and buffer size.
if (fSymbolTable != null) fChildConfig.setProperty(SYMBOL_TABLE, fSymbolTable);
if (fErrorReporter != null) fChildConfig.setProperty(ERROR_REPORTER, fErrorReporter);
if (fEntityResolver != null) fChildConfig.setProperty(ENTITY_RESOLVER, fEntityResolver);
fChildConfig.setProperty(SECURITY_MANAGER, fSecurityManager);
+ fChildConfig.setProperty(ACCESS_EXTERNAL_DTD, fAccessExternalDTD);
fChildConfig.setProperty(BUFFER_SIZE, new Integer(fBufferSize));
// features must be copied to child configuration
fNeedCopyFeatures = true;
@@ -1689,11 +1715,11 @@
catch (XNIException e) {
// necessary to make sure proper location is reported in errors
if (fErrorReporter != null) {
fErrorReporter.setDocumentLocator(fDocLocation);
}
- reportFatalError("XMLParseError", new Object[] { href });
+ reportFatalError("XMLParseError", new Object[] { href, e.getMessage() });
}
catch (IOException e) {
// necessary to make sure proper location is reported in errors
if (fErrorReporter != null) {
fErrorReporter.setDocumentLocator(fDocLocation);