Merge pull request #1924 from OpenRefine/issue1907
Disable DTDs in XML importer.
commit
eb16784f01
@ -321,6 +321,7 @@ public class XmlImporter extends TreeImportingParserBase {
|
||||
XMLInputFactory factory = XMLInputFactory.newInstance();
|
||||
factory.setProperty(XMLInputFactory.IS_COALESCING, true);
|
||||
factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, true);
|
||||
factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
|
||||
|
||||
return factory.createXMLStreamReader(wrapPrefixRemovingInputStream(inputStream));
|
||||
}
|
||||
|
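Review bot: The hardening here rests on the `SUPPORT_DTD` line alone, because `XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES` is left at the provider default while `IS_REPLACING_ENTITY_REFERENCES` stays `true`. `XMLInputFactory.newInstance()` returns whichever StAX implementation is on the classpath, and providers may not all treat `SUPPORT_DTD=false` the same way, so I would add `factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);` directly below it as a second, independent control. A one-line comment such as `// Imported XML is untrusted: no DTDs, no external entities (XXE).` would also keep a later cleanup from dropping these settings. The enclosing method starts outside the hunk, so any other factory configuration is not visible here.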
@ -131,6 +131,17 @@ public class XmlImporterTests extends ImporterTest {
|
||||
Assert.assertEquals(row.getCell(1).value, "Author 1, The");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void ignoresDtds() {
|
||||
RunTest(getSampleWithDtd());
|
||||
|
||||
assertProjectCreated(project, 4, 6);
|
||||
Row row = project.rows.get(0);
|
||||
Assert.assertNotNull(row);
|
||||
Assert.assertNotNull(row.getCell(1));
|
||||
Assert.assertEquals(row.getCell(1).value, "Author 1, The");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void canParseSampleWithDuplicateNestedElements(){
|
||||
RunTest(getSampleWithDuplicateNestedElements());
|
||||
@ -224,6 +235,21 @@ public class XmlImporterTests extends ImporterTest {
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
public static String getSampleWithDtd(){
|
||||
StringBuilder sb = new StringBuilder();
|
||||
sb.append("<?xml version=\"1.0\"?>");
|
||||
sb.append("<!DOCTYPE library [\n" +
|
||||
"<!ENTITY % asd SYSTEM \"http://domain.does.not.exist:4444/ext.dtd\">\n" +
|
||||
"%asd;\n" +
|
||||
"%c;\n" +
|
||||
"]><library>");
|
||||
for(int i = 1; i < 7; i++){
|
||||
sb.append(getTypicalElement(i));
|
||||
}
|
||||
sb.append("</library>");
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
public static ObjectNode getOptions(ImportingJob job, TreeImportingParserBase parser) {
|
||||
ObjectNode options = parser.createParserUIInitializationData(
|
||||
job, new LinkedList<>(), "text/json");
|
||||
|
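Review bot: `ignoresDtds` checks only that the expected rows come out, so what it proves about DTD handling depends on `http://domain.does.not.exist:4444/ext.dtd` in `getSampleWithDtd` being unreachable from the build machine. If DTD support were switched back on, the result would be decided by the local resolver and network (a lookup failure, a timeout, or a hang) rather than by the parser setting. A reserved name makes that deterministic, for example the constructed value `http://dtd.example.invalid:4444/ext.dtd`, since `.invalid` is reserved by RFC 2606. `getSampleWithDtd` would also benefit from a Javadoc line like `/** Sample whose DOCTYPE references an external parameter entity; the importer must parse it without fetching the DTD. */` so the purpose of the `%asd;` and `%c;` references is clear.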