Scott Cantor created XERCESC-2254:
-------------------------------------
Summary: Some NetAccessors attempt to resolve relative URLs
Key: XERCESC-2254
URL: https://issues.apache.org/jira/browse/XERCESC-2254
Project: Xerces-C++
Issue Type: Bug
Components: NetAccessors
Affects Versions: 3.2.5, 3.2.4, 3.2.3, 3.2.2, 3.2.1, 3.1.4, 3.1.3, 3.2.0,
3.1.2, 3.1.1, 3.1.0, 3.0.2, 3.0.1, 3.0.0
Reporter: Scott Cantor
Assignee: Scott Cantor
Fix For: 3.3.0
It was noted that the NetAccessors don't have any guard against being handed a
relative URL, which is not a sensible thing for them to be trying to resolve.
Further, at least one of the implemented NetAccessors can do protocol inference
for scheme-less URLs, making them unsafe to use.
All applications should have an entity/resource resolver guarding URLs anyway,
but we should harden the code to just prevent it from happening by the supplied
implementations.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
