RFR (JAXP): 8028111 : XML readers share the same entity expansion counter
Alan Bateman
Alan.Bateman at oracle.com
Thu Nov 14 10:51:07 UTC 2013
On 13/11/2013 22:08, huizhe wang wrote:
> :
>
> Each parser has its own copy of XMLSecurityManager that maintains the
> values of the limits. The parser is reset before it starts to parse a
> document. Resetting the values managed by XMLSecurityManager therefore
> makes sure that the limits are per document.
>
> Daniel sent me a private email to question if the reset in
> PropertyManager is safe. He was right. I traced that back to the
> previous patch in that the StAX parsers actually were sharing the same
> XMLSecurityManager, and also XMLSecurityPropertyManager. I've changed
> the code so that they are cloned.
>
> webrev:
> http://cr.openjdk.java.net/~joehw/jdk8/8028111/webrev/
Sorry about that, having it called XMLSecurityManager when it's not a
SecurityManager is always confusing. In that case, it looks okay to me.
-Alan.
More information about the core-libs-dev
mailing list