Re: How to programmatically disable the TOTAL_ENTITY_SIZE_LIMIT limit?

Behrang Saeedzadeh Sat, 23 Dec 2017 15:21:06 -0800

Apparently it can be disabled globally using the
"jdk.xml.totalEntitySizeLimit":


System.setProperty("jdk.xml.totalEntitySizeLimit", "0");

But I was wondering if it can be disabled on a given XMLEventReader or
javax.xml.stream.XMLStreamReader?

Best regards,
Behrang Saeedzadeh

On 24 December 2017 at 10:02, Behrang Saeedzadeh <behran...@gmail.com>
wrote:

> Hi
>
> JDK is using Xerces by default for StAX and some other XML related APIs.
>
> This implementation uses 
> com.sun.org.apache.xerces.internal.utils.XMLSecurityManager
> as the XML security manager and has a limit of com.sun.org.apache.xerces.
> internal.utils.XMLSecurityManager.Limit#TOTAL_ENTITY_SIZE_LIMIT
> (5,000,000) enabled by default.
>
> Is there a way to programmatically disable this limit when using StAX?
>
> For example, when creating an XMLInputFactory and XMLEventReader:
>
> final XMLInputFactory inputFactory = XMLInputFactory.newInstance();
>
> final XMLEventReader eventReader = 
> inputFactory.createXMLEventReader(inputStream);
>
>
>
> Best regards,
> Behrang Saeedzadeh
>

Re: How to programmatically disable the TOTAL_ENTITY_SIZE_LIMIT limit?

Reply via email to