Skip to content

Commit

Permalink
FOP-3168: Add secure processing for XSL input
Browse files Browse the repository at this point in the history
  • Loading branch information
@simonsteiner1984
simonsteiner1984 committed Mar 5, 2024
1 parent cb26fed commit d96ba9a
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions fop-core/src/main/java/org/apache/fop/cli/InputHandler.java
View file
Expand Up @@ -26,6 +26,7 @@
import java.lang.reflect.InvocationTargetException;
import java.util.Vector;

import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.ErrorListener;
Expand Down Expand Up @@ -265,6 +266,7 @@ protected void transformTo(Result result) throws FOPException {
try {
// Setup XSLT
TransformerFactory factory = TransformerFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer;

Source xsltSource = createXSLTSource();
Expand Down

0 comments on commit d96ba9a

Please sign in to comment.