Uploaded image for project: 'Batik'
  1. Batik
  2. BATIK-237

security problem with xerces-2_0_1

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Resolution: Incomplete
    • 1.1.x
    • None
    • Scripting
    • None
    • Operating System: other
      Platform: Other

    Description

      Using xerces instead of crimson, the security manager seems to block the access
      to our own resources like the SVG dtd.

      To reproduce the problem:

      1. download xerces2_0_1
      2. copy xercesImpl into the lib/ directory
      3. change the line into resources/org/apache/batik/util/XMLResourceDescriptor
      to org.xml.sax.driver = org.apache.xerces.parsers.SAXParser
      4. launch batik with the security options 'on'

      The error will be in SAXSVGDocumentFactory and the reason is because:
      getClass().getResource("resources/svg10.dtd") returns 'null'.

      With crimson + security, it works. xerces with security, it works.

      BTW: Additional RFE, see if with security options 'on', it's possible to
      download a DTD somewhere on the web (if that makes sense to do that).

      Attachments

        Activity

          People

            batik-dev@xmlgraphics.apache.org Batik Developer's Mailing list
            tkormann@apache.org Thierry Kormann
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: