[YANGTOOLS-708] Introduce XML utilities for dealing with untrusted documents Created: 28/Oct/16  Updated: 10/Apr/22  Resolved: 08/Nov/16

Status: Resolved
Project: yangtools
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug
Reporter: Robert Varga Assignee: Robert Varga
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All


External issue ID: 7057

 Description   

We are dealing with untrusted XMLs across all projects, with a lot of places instantiation DocumentBuilderFactories and similar.

Create a central place, which will give out properly configured instances, so that we reduce the risk of DoS attacks on code which thinks that a DocumentBuilder, or any XML parser can be trusted in its default configuration.



 Comments   
Comment by Robert Varga [ 28/Oct/16 ]

master: https://git.opendaylight.org/gerrit/47727

Comment by Robert Varga [ 05/Nov/16 ]

boron: https://git.opendaylight.org/gerrit/48028

Generated at Wed Feb 07 20:54:04 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.