Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Set Load external DTD feature to be enabled #3605
I realize this is a somewhat odd request, but here it goes. In our project (Android OS) we use ENTITY in our config to allow composing our config files from many different files as some subprojects of Android OS have different style requirements. This normally works great with Checkstyle, however our default
This would not affect anyone, except to allow us to keep using Checkstyle without any downstream modifications.
both features load-external-dtd and external-general-entities are normally default set to true. Our company has set their java defaults to false as it can lead to cross scripting attacks if not handled correctly. load-external-dtd feature allows to load external DTD into a an XML document and external-general-entities feature allows to these these external DTDs in elements. Using these two we are able to compose configuration files from multiple XML files. Since both of these features are enabled by default in default java set ups it should be a no-op for most checkstyle users.
https://xerces.apache.org/xerces2-j/features.html#nonvalidating.load-external-dtd , default is "true"... but in issue specified as disabled in java installation due to security reason.
Should be fine to do such update as we actually enforce default value.