cvs commit: xml-soap/java/src/org/apache/soap/util/xml XMLParserUtils.java

Tue, 03 Dec 2002 09:54:32 -0800 

snichol     2002/12/03 09:45:11

  Modified:    java/src/org/apache/soap/util/xml XMLParserUtils.java
  Log:
  Only set Xerces-specific features if we believe we are using a Xerces
  factory.  Rather than throwing an exception when a feature is set on the
  factory, parsers throw when a parser is actually instantiated, which is
  a problem.
  
  Thanks to Pavel for finding this problem and suggesting the fix.
  
  Revision  Changes    Path
  1.10      +22 -3     xml-soap/java/src/org/apache/soap/util/xml/XMLParserUtils.java
  
  Index: XMLParserUtils.java
  ===================================================================
  RCS file: /home/cvs/xml-soap/java/src/org/apache/soap/util/xml/XMLParserUtils.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- XMLParserUtils.java       21 Nov 2002 16:36:58 -0000      1.9
  +++ XMLParserUtils.java       3 Dec 2002 17:45:11 -0000       1.10
  @@ -161,10 +161,29 @@
       dbf.setExpandEntityReferences(expandEntityReferences);
   
       try {
  -      dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion";,
  -                       Boolean.FALSE);
  +      // Some parsers don't throw an exception here, but throw one when the
  +      // factory creates an instance instead, so try to only do this for
  +      // Xerces.
  +      if 
(dbf.getClass().getName().equals("org.apache.xerces.jaxp.DocumentBuilderFactory")) {
  +        // speed up processing by turning off deferred node expansion
  +        dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion";,
  +                         Boolean.FALSE);
  +      }
       } catch (IllegalArgumentException e) {
  -      // parsers that do not support this option with throw this exception
  +      // parsers that do not support this option *should* throw this exception
  +    }
  +
  +    try {
  +      // Some parsers don't throw an exception here, but throw one when the
  +      // factory creates an instance instead, so try to only do this for
  +      // Xerces.
  +      if 
(dbf.getClass().getName().equals("org.apache.xerces.jaxp.DocumentBuilderFactory")) {
  +        // future: protect against DOS attacks through DOCTYPE processing
  +        dbf.setAttribute("http://apache.org/xml/features/disallow-doctype-decl";,
  +                         Boolean.TRUE);
  +      }
  +    } catch (IllegalArgumentException e) {
  +      // parsers that do not support this option *should* throw this exception
       }
   
       /*
  
  
  

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to