1 Reply Latest reply on Mar 20, 2007 10:42 AM by Thomas Diesler

    FEATURE_SECURE_PROCESSING and related dtd parsing config usa

    Scott Stark Master

      A question has come up around the dtd entity parsing denial of service issue raised here:


      Are we allowing for the use of the parser.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true) to limit the defaults?

      What about disabling doctypes via the http://apache.org/xml/features/disallow-doctype-decl feature: