Package: xmltooling / 1.6.0-4+deb9u2

security/Add-disallowDoctype-to-parser-configuration.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
From: Scott Cantor <cantor.2@osu.edu>
Date: Sun, 12 Nov 2017 17:45:33 -0500
Subject: Add disallowDoctype to parser configuration.

---
 xmltooling/util/ParserPool.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xmltooling/util/ParserPool.cpp b/xmltooling/util/ParserPool.cpp
index bad84f7..d157074 100644
--- a/xmltooling/util/ParserPool.cpp
+++ b/xmltooling/util/ParserPool.cpp
@@ -418,6 +418,7 @@ DOMLSParser* ParserPool::createBuilder()
     parser->getDomConfig()->setParameter(XMLUni::fgXercesDisableDefaultEntityResolution, true);
     parser->getDomConfig()->setParameter(XMLUni::fgDOMResourceResolver, dynamic_cast<DOMLSResourceResolver*>(this));
     parser->getDomConfig()->setParameter(XMLUni::fgXercesSecurityManager, m_security.get());
+    parser->getDomConfig()->setParameter(XMLUni::fgDOMDisallowDoctype, true);
     return parser;
 }