Pavel,

Can you test with these changes?  Thanks.

Scott Nichol
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 03, 2002 12:45 PM
Subject: cvs commit: xml-soap/java/src/org/apache/soap/util/xml
XMLParserUtils.java


> snichol     2002/12/03 09:45:11
>
>   Modified:    java/src/org/apache/soap/util/xml XMLParserUtils.java
>   Log:
>   Only set Xerces-specific features if we believe we are using a
Xerces
>   factory.  Rather than throwing an exception when a feature is set on
the
>   factory, parsers throw when a parser is actually instantiated, which
is
>   a problem.
>
>   Thanks to Pavel for finding this problem and suggesting the fix.
>
>   Revision  Changes    Path
>   1.10      +22 -3
xml-soap/java/src/org/apache/soap/util/xml/XMLParserUtils.java
>
>   Index: XMLParserUtils.java
>   ===================================================================
>   RCS file:
/home/cvs/xml-soap/java/src/org/apache/soap/util/xml/XMLParserUtils.java
,v
>   retrieving revision 1.9
>   retrieving revision 1.10
>   diff -u -r1.9 -r1.10
>   --- XMLParserUtils.java 21 Nov 2002 16:36:58 -0000 1.9
>   +++ XMLParserUtils.java 3 Dec 2002 17:45:11 -0000 1.10
>   @@ -161,10 +161,29 @@
>        dbf.setExpandEntityReferences(expandEntityReferences);
>
>        try {
>   -
dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansio
n",
>   -                       Boolean.FALSE);
>   +      // Some parsers don't throw an exception here, but throw one
when the
>   +      // factory creates an instance instead, so try to only do
this for
>   +      // Xerces.
>   +      if
(dbf.getClass().getName().equals("org.apache.xerces.jaxp.DocumentBuilder
Factory")) {
>   +        // speed up processing by turning off deferred node
expansion
>   +
dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansio
n",
>   +                         Boolean.FALSE);
>   +      }
>        } catch (IllegalArgumentException e) {
>   -      // parsers that do not support this option with throw this
exception
>   +      // parsers that do not support this option *should* throw
this exception
>   +    }
>   +
>   +    try {
>   +      // Some parsers don't throw an exception here, but throw one
when the
>   +      // factory creates an instance instead, so try to only do
this for
>   +      // Xerces.
>   +      if
(dbf.getClass().getName().equals("org.apache.xerces.jaxp.DocumentBuilder
Factory")) {
>   +        // future: protect against DOS attacks through DOCTYPE
processing
>   +
dbf.setAttribute("http://apache.org/xml/features/disallow-doctype-decl";,
>   +                         Boolean.TRUE);
>   +      }
>   +    } catch (IllegalArgumentException e) {
>   +      // parsers that do not support this option *should* throw
this exception
>        }
>
>        /*
>
>
>
>
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to