1
0
Fork 0
mirror of https://github.com/vanitasvitae/Smack.git synced 2024-11-10 14:16:00 +01:00
Commit graph

3 commits

Author SHA1 Message Date
Florian Schmaus
c1b412c457 [xmlparser-stax] Disable external entities and DTD
Before that, the StAX parser used by Smack for XML parsing had
only external entity replacement disabled. We further harden the
parser by disabling DTDs.

See also:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlinputfactory-a-stax-parser
2020-10-05 08:55:10 +02:00
Florian Schmaus
947244b704 Use XMLInputFactory.newInstance() instead of newFactory()
As newFactory() is errornously marked as deprecated in Java 9 or
higher. See also https://bugs.openjdk.java.net/browse/JDK-8183519
2019-07-19 23:05:46 +02:00
Florian Schmaus
4133eb175c Replace XPP3 by XmlPullParser interface wrapping StAX and XPP3
Introducing Smack's own XmlPullParser interface which tries to stay as
compatible as possible to XPP3. The interface is used to either wrap
StAX's XMLStreamReader if Smack is used on Java SE, and XPP3's
XmlPullParser if Smack is used on on Android.

Fixes SMACK-591.

Also introduce JUnit 5 and non-strict javadoc projects.
2019-05-06 22:10:50 +02:00