core.git: scripting/java

Sun, 11 Aug 2024 09:20:54 -0700 

 scripting/java/com/sun/star/script/framework/container/XMLParserFactory.java | 
  28 +++++-----
 1 file changed, 16 insertions(+), 12 deletions(-)

New commits:
commit 85acb1724e617c5f6f4877cf51f11d97691bbb39
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Sun Aug 11 15:59:27 2024 +0100
Commit:     Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Sun Aug 11 18:20:27 2024 +0200

    cid#1608302 XML external entity processing enabled
    
    reformat to get it seen by scanner
    
    Change-Id: I44ce2c6ecd24e81e3b146b7f8b42b51f7d426e90
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171731
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>

diff --git 
a/scripting/java/com/sun/star/script/framework/container/XMLParserFactory.java 
b/scripting/java/com/sun/star/script/framework/container/XMLParserFactory.java
index dec4fc440415..7e67c3b384e5 100644
--- 
a/scripting/java/com/sun/star/script/framework/container/XMLParserFactory.java
+++ 
b/scripting/java/com/sun/star/script/framework/container/XMLParserFactory.java
@@ -64,18 +64,22 @@ public class XMLParserFactory {
         public DefaultParser() {
             factory = DocumentBuilderFactory.newInstance();
 
-            String[] featuresToDisable = {
-                "http://xml.org/sax/features/external-general-entities";,
-                "http://xml.org/sax/features/external-parameter-entities";,
-                
"http://apache.org/xml/features/nonvalidating/load-external-dtd";
-            };
-
-            for (String feature : featuresToDisable) {
-                try {
-                    factory.setFeature(feature, false);
-                } catch (ParserConfigurationException e) {
-                    LogUtils.DEBUG(LogUtils.getTrace(e));
-                }
+            try {
+                
factory.setFeature("http://xml.org/sax/features/external-general-entities";, 
false);
+            } catch (ParserConfigurationException e) {
+                LogUtils.DEBUG(LogUtils.getTrace(e));
+            }
+
+            try {
+                
factory.setFeature("http://xml.org/sax/features/external-parameter-entities";, 
false);
+            } catch (ParserConfigurationException e) {
+                LogUtils.DEBUG(LogUtils.getTrace(e));
+            }
+
+            try {
+                
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd";,
 false);
+            } catch (ParserConfigurationException e) {
+                LogUtils.DEBUG(LogUtils.getTrace(e));
             }
 
             try {

Reply via email to