Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
-
None
-
None
Description
The OfflineContentHandler is another layer of protection against external entity vulnerabilities. Parsers are responsible for adding it before calling XMLReaderUtils.parseSAX(). When new parsers come it, devs may not know to add this extra layer. Let's modify the code in 2.x at least to add the offline contenthandler automatically in XMLReaderUtils.parseSAX().