[jira] [Commented] (DOXIA-718) Apply best security recommendations to xml parsing and validation

Michael Osipov (Jira) Sat, 30 Dec 2023 05:36:04 -0800


    [ 
https://issues.apache.org/jira/browse/DOXIA-718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17801357#comment-17801357
 ]


Michael Osipov commented on DOXIA-718:
--------------------------------------

I have tried to modify the {{XmlValidator}} class and run Doxia Sitetools tests 
with {{entitityTest.xml}}. All of the are still resolved. I consider this test 
to fail so the config does not seem to be complete. Also disabling DTDs will 
break valid use cases Xdoc and FML support...

> Apply best security recommendations to xml parsing and validation
> -----------------------------------------------------------------
>
>                 Key: DOXIA-718
>                 URL: https://issues.apache.org/jira/browse/DOXIA-718
>             Project: Maven Doxia
>          Issue Type: Improvement
>            Reporter: Sylwester Lachiewicz
>            Priority: Minor
>
> Apply OWASP recommendation if needed
>  
> [https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (DOXIA-718) Apply best security recommendations to xml parsing and validation

Reply via email to