Bug #2051: Set the features and properties of the XMLParser - Saxon - Saxonica Developer Community

Actions

Send by e-mail Copy link

Bug #2051

closed

Set the features and properties of the XMLParser

Added by O'Neil Delpratt about 10 years ago. Updated over 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

O'Neil Delpratt

Category:

Internals

Sprint/Milestone:

Start date:

2014-04-14

Due date:

% Done:

80%

Estimated time:

Legacy ID:

Applies to branch:

Fix Committed on Branch:

Fixed in Maintenance Release:

Platforms:

Description

We hope to add ability to set the XMLParser specific features and properties from Saxon via the Saxon feature keys.

This bug/support feature stemmed from a user who requires the disabling of external entities resolving to avoid the XXE vulnerability (See: https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing) and specifically in Saxon-C.

This seems to be something which is required in web application, and in a web application the Java API (e.g. the s9api or JAXP API) is appropriate rather than the command line. When you use the API, you can instantiate an XMLReader yourself, set its configuration options, and then supply this to Saxon as the transformation source (e.g. in a SAXSource object).

There is no direct way to set the parser options in Saxon-C.

Please register to edit this issue

Actions

Send by e-mail Copy link

Also available in: Atom PDF

Project

Profile

Help

Saxon

Bug #2051

Set the features and properties of the XMLParser

Updated by O'Neil Delpratt about 10 years ago

Updated by Michael Kay about 10 years ago

Updated by Michael Kay over 9 years ago

Updated by O'Neil Delpratt over 9 years ago