Details
- Improvement
- Status: Closed
- Major
- Resolution: Fixed
Description
This task is to remove the static methods from StaxUtils that restrict XML level/count:
- public static void setInnerElementLevelThreshold(int i) { - innerElementLevelThreshold = i != -1 ? i : 500; - setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxElementDepth", innerElementLevelThreshold); - } - public static void setInnerElementCountThreshold(int i) { - innerElementCountThreshold = i != -1 ? i : 50000; - setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxChildrenPerElement", innerElementCountThreshold); - }
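Review bot: both removed setters are `public static`, so any caller that tuned the limits through `StaxUtils.setInnerElementLevelThreshold` or `setInnerElementCountThreshold` stops compiling, and nothing in the removed lines points to the replacement. The change should name the system properties that take over, and state whether the fallbacks of 500 (depth) and 50000 (children per element) used when -1 is passed still apply, so that a deployment which had tightened these limits does not silently fall back to the defaults after upgrading.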
These methods are problematic as they only set the property on the SAFE_INPUT_FACTORY and not on any of the instances that might already be stored in the NS_AWARE_INPUT_FACTORY_POOL. Instead, set the system properties to customize how we restrict XML.
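The stale-limit problem described above, as an added example that is not CXF code: a simplified model in which `Factory`, `SHARED`, `POOL`, `setDepthThreshold` and the `demo.maxElementDepth` system property are all hypothetical stand-ins. It shows a pooled instance still accepting a document that the tightened shared instance rejects.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Simplified model of the stale-limit problem; all names are hypothetical, not CXF's.
public class StaleLimitDemo {
    /** Stand-in for an XMLInputFactory: the depth limit is per-instance state. */
    static final class Factory {
        int maxElementDepth;
        Factory(int maxElementDepth) { this.maxElementDepth = maxElementDepth; }

        /** Accepts the document only if nesting never exceeds this factory's limit. */
        boolean accepts(String xml) {
            int depth = 0;
            for (int i = 0; i < xml.length(); i++) {
                if (xml.charAt(i) != '<') continue;
                if (xml.charAt(i + 1) == '/') { depth--; }
                else if (++depth > maxElementDepth) { return false; }
            }
            return true;
        }
    }

    static int threshold = 500;
    static final Factory SHARED = new Factory(threshold);
    static final Deque<Factory> POOL = new ArrayDeque<>();

    /** Flawed setter, shaped like the removed methods: only SHARED is updated. */
    static void setDepthThreshold(int i) {
        threshold = i != -1 ? i : 500;
        SHARED.maxElementDepth = threshold;
    }

    /** Limit read once from a system property (assumed name), same for every factory. */
    static final int CONFIGURED = Integer.getInteger("demo.maxElementDepth", 500);

    public static void main(String[] args) {
        POOL.add(new Factory(threshold));   // pooled before the limit is tightened
        setDepthThreshold(3);

        String nested = "<a><b><c><d></d></c></b></a>"; // constructed input, depth 4
        System.out.println("shared accepts: " + SHARED.accepts(nested));
        System.out.println("pooled accepts: " + POOL.peek().accepts(nested));
        System.out.println("property-configured accepts: "
                + new Factory(CONFIGURED).accepts(nested));
    }
}
```

Running it with `-Ddemo.maxElementDepth=3` makes every factory built from `CONFIGURED` reject the nested document, which is the behaviour the system-property approach is meant to guarantee.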