[FOP-2987] Allow FOP to set Batik blockExternalResources flag - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Critical
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: image/svg
Labels:
None

Description

Batik 1.13+ has a flag blockExternalResources to allow blocking of external resources in the xlink:href of SVGs (see https://issues.apache.org/jira/browse/BATIK-1276).

However, there doesn't seem to be any way to set this flag within FOP which leaves the original SSRF security vulnerability open.

We would like to request that a new feature is added to FOP such that it's possible to set the Batik blockExternalResources flag via config.

Thank you.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Graham Hadden

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Dec/20 11:07

Updated:: 16/Aug/22 12:33