Skip to content

security: restrict external resource access in XSLTProcessor#1147

Open
MatrixNeoKozak wants to merge 2 commits into
HtmlUnit:masterfrom
MatrixNeoKozak:fix/improvement-1783437321985
Open

security: restrict external resource access in XSLTProcessor#1147
MatrixNeoKozak wants to merge 2 commits into
HtmlUnit:masterfrom
MatrixNeoKozak:fix/improvement-1783437321985

Conversation

@MatrixNeoKozak

Copy link
Copy Markdown

Configure TransformerFactory and DocumentBuilderFactory in XSLTProcessor with FEATURE_SECURE_PROCESSING and restrict external DTD and stylesheet references to mitigate remote resource loading during XSLT transformation.

@rbri

rbri commented Jul 7, 2026

Copy link
Copy Markdown
Member

looks great, will have a look later on this, many thanks

@rbri

rbri commented Jul 7, 2026

Copy link
Copy Markdown
Member

@MatrixNeoKozak can you please add your name to the @authors in the file and also your name to the pom-contributors part.

@sonarqubecloud

sonarqubecloud Bot commented Jul 8, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants