[xmltooling] 23/24: CPPXT-120 - Set disallow-doctype property on DOMLSParser
Etienne Dysli Metref
edm-guest at moszumanska.debian.org
Fri Jan 12 15:53:59 UTC 2018
This is an automated email from the git hooks/post-receive script.
edm-guest pushed a commit to branch master
in repository xmltooling.
commit 377eb5dec8bfc41ad310830e4a4e43d75e59d2fc
Author: Scott Cantor <cantor.2 at osu.edu>
Date: Tue Jan 9 16:22:07 2018 -0500
CPPXT-120 - Set disallow-doctype property on DOMLSParser
https://issues.shibboleth.net/jira/browse/CPPXT-120
---
xmltooling/util/ParserPool.cpp | 1 +
xmltoolingtest/UnmarshallingTest.h | 6 ++++++
xmltoolingtest/data/DTD.xml | 3 +++
3 files changed, 10 insertions(+)
diff --git a/xmltooling/util/ParserPool.cpp b/xmltooling/util/ParserPool.cpp
index 4ba983b..c2c1aef 100644
--- a/xmltooling/util/ParserPool.cpp
+++ b/xmltooling/util/ParserPool.cpp
@@ -369,6 +369,7 @@ DOMLSParser* ParserPool::createBuilder()
}
parser->getDomConfig()->setParameter(XMLUni::fgXercesUserAdoptsDOMDocument, true);
parser->getDomConfig()->setParameter(XMLUni::fgXercesDisableDefaultEntityResolution, true);
+ parser->getDomConfig()->setParameter(XMLUni::fgDOMDisallowDoctype, true);
parser->getDomConfig()->setParameter(XMLUni::fgDOMResourceResolver, dynamic_cast<DOMLSResourceResolver*>(this));
parser->getDomConfig()->setParameter(XMLUni::fgXercesSecurityManager, m_security.get());
return parser;
diff --git a/xmltoolingtest/UnmarshallingTest.h b/xmltoolingtest/UnmarshallingTest.h
index a7c6816..70e3d66 100644
--- a/xmltoolingtest/UnmarshallingTest.h
+++ b/xmltoolingtest/UnmarshallingTest.h
@@ -72,6 +72,12 @@ public:
XMLObjectBuilder::deregisterBuilder(qtype);
}
+ void testUnmarshallingWithDTD() {
+ string path=data_path + "DTD.xml";
+ ifstream fs(path.c_str());
+ TS_ASSERT_THROWS(XMLToolingConfig::getConfig().getParser().parse(fs),XMLParserException);
+ }
+
void testUnmarshallingWithAttributes() {
string path=data_path + "SimpleXMLObjectWithAttribute.xml";
ifstream fs(path.c_str());
diff --git a/xmltoolingtest/data/DTD.xml b/xmltoolingtest/data/DTD.xml
new file mode 100644
index 0000000..f7cb13e
--- /dev/null
+++ b/xmltoolingtest/data/DTD.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE SimpleElement PUBLIC "simple" "simple.dtd">
+<test:SimpleElement xmlns:test="http://www.example.org/testObjects" />
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/xmltooling.git
More information about the Pkg-shibboleth-devel
mailing list