Merge pull request #1924 from OpenRefine/issue1907
Disable DTDs in XML importer.
This commit is contained in:
commit
eb16784f01
@ -321,6 +321,7 @@ public class XmlImporter extends TreeImportingParserBase {
|
|||||||
XMLInputFactory factory = XMLInputFactory.newInstance();
|
XMLInputFactory factory = XMLInputFactory.newInstance();
|
||||||
factory.setProperty(XMLInputFactory.IS_COALESCING, true);
|
factory.setProperty(XMLInputFactory.IS_COALESCING, true);
|
||||||
factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, true);
|
factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, true);
|
||||||
|
factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
|
||||||
|
|
||||||
return factory.createXMLStreamReader(wrapPrefixRemovingInputStream(inputStream));
|
return factory.createXMLStreamReader(wrapPrefixRemovingInputStream(inputStream));
|
||||||
}
|
}
|
||||||
|
@ -130,6 +130,17 @@ public class XmlImporterTests extends ImporterTest {
|
|||||||
Assert.assertNotNull(row.getCell(1));
|
Assert.assertNotNull(row.getCell(1));
|
||||||
Assert.assertEquals(row.getCell(1).value, "Author 1, The");
|
Assert.assertEquals(row.getCell(1).value, "Author 1, The");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void ignoresDtds() {
|
||||||
|
RunTest(getSampleWithDtd());
|
||||||
|
|
||||||
|
assertProjectCreated(project, 4, 6);
|
||||||
|
Row row = project.rows.get(0);
|
||||||
|
Assert.assertNotNull(row);
|
||||||
|
Assert.assertNotNull(row.getCell(1));
|
||||||
|
Assert.assertEquals(row.getCell(1).value, "Author 1, The");
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void canParseSampleWithDuplicateNestedElements(){
|
public void canParseSampleWithDuplicateNestedElements(){
|
||||||
@ -224,6 +235,21 @@ public class XmlImporterTests extends ImporterTest {
|
|||||||
return sb.toString();
|
return sb.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static String getSampleWithDtd(){
|
||||||
|
StringBuilder sb = new StringBuilder();
|
||||||
|
sb.append("<?xml version=\"1.0\"?>");
|
||||||
|
sb.append("<!DOCTYPE library [\n" +
|
||||||
|
"<!ENTITY % asd SYSTEM \"http://domain.does.not.exist:4444/ext.dtd\">\n" +
|
||||||
|
"%asd;\n" +
|
||||||
|
"%c;\n" +
|
||||||
|
"]><library>");
|
||||||
|
for(int i = 1; i < 7; i++){
|
||||||
|
sb.append(getTypicalElement(i));
|
||||||
|
}
|
||||||
|
sb.append("</library>");
|
||||||
|
return sb.toString();
|
||||||
|
}
|
||||||
|
|
||||||
public static ObjectNode getOptions(ImportingJob job, TreeImportingParserBase parser) {
|
public static ObjectNode getOptions(ImportingJob job, TreeImportingParserBase parser) {
|
||||||
ObjectNode options = parser.createParserUIInitializationData(
|
ObjectNode options = parser.createParserUIInitializationData(
|
||||||
job, new LinkedList<>(), "text/json");
|
job, new LinkedList<>(), "text/json");
|
||||||
|
Loading…
Reference in New Issue
Block a user